1. RISK ASSESSMENT, PROFILING AND TARGETING

1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL CONTENTS 1. INTRODUCTION 2. LEARNING CIRCLE AND RISK ASSESSMENT 2.1. Introduction Risk Identification Risk analysis Seizure analysis Risk Evaluation and Prioritization 2.2. Risk Preparation/Profiling 2.2.1. Introduction 2.2.2. Steps in developing a profile 2.3. Targeting 2.4. Covering/Treatment 2.5. Evaluation of results 3. USE OF INFORMATION TECHNOLOGY 3.1. Introduction 3.2. Data storage and security 3.3. Data mining 3.4. Valuation Database as a Risk Assessment Tool 4. APPENDIXES Appendix I: Automated Targeting System Appendix II: ncen Bridging the gap through technology Appendix III: Data Mining in the Risk Management Process Appendix IV: Guidelines on the Development and use of a National Valuation Database as a Risk Assessment Tool 1-2 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL 1. INTRODUCTION The ongoing increase in international trade and travel has made exhaustive physical checking of all cargo and passengers almost impossible. The purpose of this document is to help Customs decide how best to utilize their limited sources. Every day Customs officers must make choices concerning which cargo or passengers will be checked, or not. It is not only available equipment, resources and manpower that are important for making choices, but also the reasons (risk indicators) as to why a cargo or passenger has been selected for checking. Many Customs services utilize Information and Communication Technology (ICT) systems to automatically generate risk indicators from profiles loaded within the system. The use of risk indicators makes it easier for the Customs officer to make the right choices. In Customs services without an electronic profile system, the Customs officer must decide which shipment of goods or passengers will be checked, by manual screening techniques which could be considered resource intensive. This document will address ways in which a Customs Administration can implement risk assessment in order to best decide (by assessment, profiling and targeting) where resources should be allocated or deployed in order to maximise results. The way a country implements risk assessment, profiling and targeting can differ depending on local circumstances. 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-3

CONFIDENTIAL 2. LEARNING CIRCLE AND RISK ASSESSMENT 2.1. Introduction Risk assessment is the overall process of determining risk identification, risk analysis, risk evaluation and prioritisation. It is one of the most important steps in the learning circle and will be explained in the following sections. Learning circle starts with three steps of risk assessment, and then continues with preparation/ profiling, targeting, covering/treatment, evaluation of outcomes/feedbacks. Covering / Treatment Targeting Evaluation of outcomes / feedbacks LEARNING CIRCLE Preparation / Profiling Risk Identification Risk Analysis Risk Evaluation and Prioritization necessary, measures such as the issue of profiles or publication of new alerts can be taken to cover the risk. Detailed feedback on the results of Customs checks is vital. Both positive as negative results should be reported as they are equally valuable in identifying future risk indicators, new trends and contribute to the cycle of intelligence. For example, a negative result on referral of a shipment of poor quality fruit is still of interest since the shipment could have been used as a test shipment. So, for Customs services is it very important that all Customs officers can report all kinds of information to identify new and emerging risks. For this reason it is crucial that Customs services develop/ use a user-friendly system 1 to collect this kind of information. Customs officers must be trained how to recognize risks in the field they are working. For Customs officers it is important to be in a position to reach and to learn from all kinds of available information on crime and smuggling. Reports, alerts, and bulletins of organisations such as the WCO, Regional Intelligence Liaison Offices (RILOs), United Nations Office on Drugs and Crime (UNODC), Interpol and of national law enforcement agencies as well as open source information can assist in this. Sources of key information may be: Risk assessment is applied to Customs enforcement primarily to identify how best to apply effort and resources in order to maximise seizures of contraband, but also to facilitate the legitimate trade. The technique is used to improve selectivity or targeting by focusing enforcement efforts on the areas most likely to produce positive enforcement results. The obvious benefit of risk assessment is that it helps Customs management to decide how to allocate limited resources. The presence of risks may be a reason for Customs officers to select a specific shipment of goods or a passenger for a physical check or examination of documents. In general, irregularities will be reported and can be used for risk analysis. When Seizure reports Strategic, Tactical, Operational reports of other Customs administrations Intelligence data Information exchange with other Customs Administrations Risk signals from Customs officers and other law enforcement personnel Cooperation or interviews with other knowledgeable people from the importing and transportation field, e.g. Customs brokers, cargo agents, warehouse personnel, etc. Transport documents such as manifests, airway bills, etc. 1. For example: WCO Customs Enforcement Network (CEN) and National Customs Enforcement Network (ncen) systems. 1-4 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL Available national Customs (or other law enforcement agencies) data bases Signals and alerts Risk Identification Risk Identification consists of identifying when, where, why, how and by whom risks can arise as the basis for further analysis. Risk identification is a somewhat subjective step, because thought is given to uncertain/unknown future events. However, if done by people familiar with the holistic business processes, supported by intelligence, then experience and knowledge can provide an objective view of the environment. The following example of risk identification at a border crossing describes the main elements to be considered in Box 1. Additional information and examples are given in the Manuals of Risk Indicators in Volume II. Box 1: Risk Identification at a Border Gate The steps in (drugs related) risk identification at a border crossing: 1. Describe the current enforcement controls system. 2. Draw a flowchart which shows each step in the control process. 3. What are the current controls in the system? 4. What are the current strengths and weaknesses in the system? 5. Where, when, how is the risk likely to be occur and by whom? 6. Why do the opportunities to circumvent the controls arise? 7. Categorize risks-controllable or Uncontrollable. In going through the risk identification process, there are many different areas in your control system to look at. The areas themselves have many different items to consider. Following are various possible items, not exhaustive, to be considered when reviewing the areas in the control system in order to try to identify risks or weaknesses. Geography Is your border crossing close to a contraband source area in the neighboring country? Is your border crossing or control point on a major contraband transit route? Is the country next to your border crossing a contraband transit country? Traffic Patterns and Staffing Is the amount of traffic consistent or is it heavier at certain times of the day or certain days of the week? What is the primary kind of traffic cars, trucks? Does the type of traffic change at certain times, with there being more cars, trucks or foot traffic than at other times? Is the staffing sufficient to meet traffic patterns amount of staff greater during higher traffic periods? Goods and Local (Drug) Trends Do the goods that normally come through your border crossing or control point offer good opportunity to conceal contraband? Does the packaging or containers for goods that normally come through your border crossing or control point offer good opportunity to conceal contraband? Are drug prices in your country going up or down (drug prices going down will possibly indicate that more drugs are entering the country)? Have the number of addicts or drug overdoses been increasing in your country (an increase would possibly indicate that more drugs are available in your country)? 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-5

CONFIDENTIAL Cooperation with the other law enforcement agencies at the border Cooperation and information exchange is the key for combating Customs frauds in general and drugs in particular. Do you exchange information with other agencies at the border? Neighboring Country s Enforcement Activity Do your colleagues on the other side of the border conduct export searches? Do you exchange information with your colleagues? This information could concern seizures or intelligence. Controls What are the strengths and weaknesses of your controls? Why do opportunities exist for contraband to go through your controls? What percent of cargo, vehicles and people are searched? Do you ever question the operators or passengers in vehicles? Do you keep records or seizures? Do you develop profiles of suspect smugglers or concealment methods? Do new officers receiving training on what drugs to look for and common drug smuggling methods? Risk analysis Risk analysis, in general terms, is about developing an understanding of the risk. It provides an input to risk assessment and to decisions about whether risks need to be addressed together with the most appropriate strategies and methods to control the risk. Risk analysis consists of determining the consequences and their probabilities for identified risks. The consequences and their probabilities are then combined to determine a level of risk. In order to identify the level of risk (high, medium, low) you need to take in account all available information. The analysis considers: how likely is an event to happen; and what are the potential consequences and their magnitude. Risk analysis involves consideration of the causes and sources of risk, their consequences and the probability that those consequences can occur. Factors that affect consequences and probability should be identified. An event can have multiple consequences and can affect multiple objectives. Existing risk controls and their effectiveness should be taken into account. Risk analysis normally includes an estimation of the range of potential consequences that might arise from an event, situation or circumstance, and their associated probabilities, in order to measure the level of risk. When a risk analysis leads to the conclusion that consequences are likely to be insignificant and the probability is expected to be extremely low, consideration can be given to facilitate trade. The purpose of risk assessment is therefore not only to discover risks, but also to determine that in the majority of the traffic of cargo and passengers there is limited risk. For instance, if a certain flight has been checked several times with no results, one can conclude that the number of checks can be lowered. This should be verified intermittently to ensure the assessment remains current. Seizure analysis Seizure analysis is an important tool of risk assessment. Understanding how a violation of Customs law was carried out provides valuable lessons for recognising future attempts or weakness in the system. A significant proportion of major investigations result in the same people or companies being involved time after time. It is important to systematically apply intelligence, information, anecdotes 1-6 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL and lessons learned from major seizures to proactively plan for future targeting. With the benefit of hind sight it is often possible to look at things from a different perspective. Objectives of seizure analysis: Identify and outline the background to the seizure: Modus operandi, scope, scale of activity, persons involved Establish as far as possible all the subjects involved and what role they played Involves identifying persons, companies, suppliers, shippers, brokers Identify what aspects of the seizure are not known: Essentially identifying future work to fill in gaps Identify any on going risk to the border: Who was involved, and what risk do they present now Who was not arrested, do they pose a threat now Establish whether this seizure was part of a trend or pattern: Has it occurred overseas, in your country e.g. look at context of seizure Any new smuggling method identified? What if any lessons can be learned from this seizure (and who needs to be informed): Do profiles/targeting criteria need refining Were false leads followed unnecessarily? It should be noted however that seizure analysis only identifies where the Customs service has been successful. It does not take into account those shipments of smuggled goods that successfully evaded Customs controls. So the sharing of any kind of seizure information obtained from other law enforcement agencies or Customs administrations (e.g. CEN) is useful in this context. Risk Evaluation and Prioritization The risk assessment process will highlight context and other factors that might be expected to vary over time and which could change or invalidate the risk assessment. These factors should be specifically identified for on-going monitoring and review, so that the risk assessment can be updated when necessary. Box 2 below suggests some factors to consider when evaluating risk, using a land border environment as an illustration. Data to be monitored in order to refine the risk assessment should also be identified and collected. The effectiveness of controls should also be monitored and documented in order to provide data for use in risk analysis. Accountabilities for creation and reviewing the evidence and documentation should be defined. Box 2: Considerations for Determining Risk at a Land Border Crossing Assessing the Level of Risks at the Land Border Crossings The reason for analyzing and assessing the level of the identified risks is to determine which risks are the most serious and should have priority for being treated or having corrective action taken. You first rate the likelihood and the consequences as high, medium or low. From rating the likelihood and consequences, you have information which will be used to make a final assessment of the risks. This final rating will again be high, medium or low. As with the information provided for risk identification, the following non-exhaustive list is intended to give you some guidance in determining the level of risk. Geography If your border crossing is next to a contraband source country or on a major transit route, the likelihood of the risk occurring would be higher than if these circumstances did not exist. 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-7

CONFIDENTIAL If the country next to your border crossing is a major transit country, then you should consider the possibility that it could pose a big a threat as a source country and increase the likelihood of smuggling. Traffic Patterns and Staffing If there is insufficient staff to handle the traffic, this increases the likelihood of smuggling. Traffic coming from a source area would be of higher risk than traffic from a non-source area and traffic going to a high user area would be of higher risk than traffic going to a low or non-user area. Cargo made up of multiple consignments will be more difficult to profile and perform selectivity on than cargo going to a single consignee, which would increase the likelihood of smuggling. Goods and Local (drug) Trends If legitimate goods, or their packaging and containers, which normally cross your controls, offer a good opportunity to conceal contraband, then this would increase the likelihood of contraband coming through your controls undetected. If you are not familiar with all the goods that commonly go through your controls crossing, then it is more difficult for you to profile and select suspect shipments, thereby increasing the risk. The greater the amount of drugs used in your country that are produced in the neighboring country, the greater the likelihood that they are being smuggled across your border crossing and the consequences are also high. Neighboring Country s Enforcement Activity If your colleagues on the other side of the border conduct export searches, this will probably make your particular border crossing less attractive to smugglers and they will choose a border crossing with less intense enforcement activity. This will decrease the likelihood of the risk occurring, but if they do not do export searches, it will increase the likelihood. If you do not exchange information with your colleagues across the border, you are missing a great opportunity and, therefore, increase the risk of smuggling at your border control point. Your Border Crossing Controls If searches are always cursory and not complete, the likelihood that contraband is coming through your controls will be higher. If you do not question any vehicle operators or passengers, you will not have the opportunity to discover many risk indicators which are revealed through questioning and this will increase the risk of smuggling by people or cargo. Failure to keep seizure records, to develop profiles of smugglers and methods and to use risk indicators means that you are using random selection techniques which are not effective and thereby increase the smuggling risk at your border crossing. 2.2. Risk Preparation/Profiling 2.2.1. Introduction More and more Customs administrations utilise electronic targeting systems to select consignments and passengers for Customs control. These targeting systems generally use two kinds of risk profiles: specific risk profiles random profiles Profiles assist Customs Administrations in making choices since it is generally impossible (and not efficient or necessary) to check all consignments or passengers. Day to day practice has demonstrated that profiles cannot identify all risks. Several reasons exist for this: technical limitations of systems; lack of capacity to actually perform the selections; new modus operandi that are not known yet; and 1-8 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL profiled companies that do not appear on the manifests. A risk profile consists of one or a combination of indicators aimed at selecting certain consignments or passengers that require more Customs attention. Box 3 below describes the development and characteristics of a risk profile. Risk profile development is based on information gathering, systematic charting and analysis of the information. Box 4 below illustrates an example of charting risk indicators in the passenger context and Box 5 does the same in the sea cargo context. The risk profile contains a description of: the risk area (e.g. drugs/ revenue); assessment of the risk or possible risk that may be involved; specific indicators like companies, persons, origin, goods, etc.; the counter-measures to be taken (means of control); and the period that the profile is active for. On the other hand, selection system might be supported by random selection so that unknown risks can be discovered. Box 3: Development and Characteristics of a Risk Profile From Risk Areas to Risk Profiles A risk profile is a document which can be set out in a number of ways but it should be comprehensive and relevant to the traffic throughput in a Customs office. The risk profile should contain a description of the risk area, an assessment of the risk, the counter-measures to be taken, an action date, the results and an evaluation of the effectiveness of the action taken. A risk profile can be kept in a binder or on a local computer and it should be as accessible as possible to the relevant Customs officers. Risk indicators, on the other hand, are specified selectivity criteria such as: specific commodity code, country of origin, departure country, licensing indicator, value, trader, level of compliance, type of means of transport, purpose of the stay in the Customs territory, financial consequences, or financial situation of the trader/person. Once established, the profiles along with other information and intelligence will provide a basis for targeting potentially high risk movements of consignments, means of transport, or passengers. RISK AREAS SELECTIVITY CRITERIA Choice of general information RISK INDICATORS specific details for the risk RISK PROFILE Combination of risk indicators - Quota - GSP - CITES - Trade - etc - kind of goods - country of origin - transport route - principal - etc - textiles under quota - specific country of origin - unusual transport route - specific principal - etc - textiles under quota AND/OR - specific country of origin AND/OR - unusual transport route AND/OR - specific principal AND/OR 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-9

Box 4: Charting Risk Indicators at an Airport CONFIDENTIAL Simple Profiling Example: Passengers Information contained in seizure reports resulted in the following chart: Age Sex Day of Week Time of Seizure 25 M Sunday 09:00 27 M Sunday 08:30 41 M Tuesday 09:15 23 F Saturday 10:00 30 M Monday 09:30 29 F Sunday 08:15 26 M Thursday 14:00 From this chart, it is possible to build a profile of what type of smuggler is operating at this border crossing. It is primarily a male, aged between 25 and 30 years who prefers attempting to bring contraband between 08:00 and 10:00 hours. The foregoing is an elementary example, but it serves to show how a profile can aid in not only knowing who to look for (males between 25 and 30 years), but also when to look for them (between 08:00 and 10:00 hours). Box 5: Charting Risk Indicators at a Sea Port Simple Profiling Example: Cargo: Information contained in seizure reports resulted in the following chart: Drug Type Cargo Type Concealment Shipping Line Heroin Computers Inside Computer Green Seas Hashish Clothing False Wall Royal Heroin Televisions Inside Television Green Seas Heroin Televisions Inside Television Green Seas Heroin Computers Inside Computer Royal Heroin Computers Inside Computer Green Seas Hashish Paper Products In Packaging Royal From this chart, it is possible to build a profile of what type of heroin smuggling methods are being used at this port. It is primarily hidden inside computers and televisions and arriving on vessels owned by Green Seas and Royal shipping companies. The foregoing is also an elementary example, but it serves to show how a profile can aid in not only knowing who to look for, but also on what arriving vessels to look for them. 2.2.2. Steps in developing a profile A. Collect available data from sources such as: seizure reports (modus operandi); intelligence data (Customs investigations reports, available Customs systems, information of other law enforcement agencies, international organisations); cooperation with other law enforcement officers; information of trade and industry, shipping companies, stevedores, custom brokers etc.; 1-10 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL irregularities; other signals of Customs officers; documents like Bills of Lading, Airway bills, invoices etc.; and information available on Internet an other open sources. The collection of recent and pertinent information relating to seizures is crucial. The WCO Customs Enforcement Network (CEN) is a set of tools used to collect, analyse and disseminate information and intelligence mainly on Customs seizures in WCO member countries. B. Evaluate, structure and chart the data (1) check and verify the reliability and accuracy of the data, (2) select a format for the chart which allows you to compare the pertinent data, (3) itemise data elements on the chart (4) establish a computer database if feasible All information collected has no value on its own merit. The usefulness of the information or data is dependent upon its validity and reliability. By evaluating the reliability of the source and accuracy of the information, this information is now ready to be analysed. C. Analyse the data There is no specific structure on how to analyse the data -every Customs service has its own method. The Analysis Guidelines - as a part of the WCO Risk compendium - contains guidelines for this topic. (1) Look for common elements (2) Recognise patterns: (a) movement of merchandise (information of counterparts) (b) methods of concealment (c) conveyances used (d) frequently utilised flights (e) day/date/time of seizures (f) age/sex of violators (g) routing of persons/carriers (h) origin of contraband The analysis involves examining components of collected information to establish patterns and relationships. Considering the context and the aim of the analysis, identify the main issues by examining the available information/data, such as (if it is drug related): main routes, source countries, suspect ports, risk countries, out of season commodities, mode of transport, concealment methods, etc. Automated tools are available to analyse data and assess risk. These tools can identify trends and lessons from past experiences, as well as point out high-risk areas. (see the WCO Databank on Advanced Technology) D. Establish, disseminate/activate the profile: (1) Customs profiling system (2) Bulletin board (3) Telephone (4) Mail (5) Briefing Before a profile is activated in an automated profiling system, consider testing the profile in order to check the impact and outcome F. Obtain feedback: (1) Seizure reports (2) Other written reports (3) Intelligence (4) Oral reports G. Modify profile: (1) Change elements as indicated by feedback (2) Profiles need regular updating. After the risk profiles have been used for a period of time it is important to assess their value. The result of the analysis work is used to feed new information back into the risk assessment process and at the same time update the risk profiles, if required. As a result of this work the Customs services are able to identify additional investigative leads and potential targets for inspection. Box6 provides an example of undertaking all the profiling steps discussed. 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-11

CONFIDENTIAL Box 6: A Profiling Exercise: Combating Drug Smuggling In Country A, XYZ harbour has been identified as one of the ports for drug smuggling. A team has been tasked to analyze the situation and develop a profile. 1. COLLECT INFORMATION (a) Seizure reports, other documents such as manifests, bill of lading etc. (b) Intelligence data (c) Interviews with Customs officers and other law enforcement personnel as well as with other knowledgeable people from the importing and transportation field, e.g. Customs brokers, cargo agents, warehouse personnel, etc. (d) Other relevant information 2. EVALUATE AND CHART THE DATA (a) Evaluation is the beginning of the processing phase. It involves evaluating the reliability of the source and accuracy of the information. (b) Data was collated, a chart format was selected, data was itemized, and then data elements was entered on the chart. Effective collation assists the intelligence developer or the analysts to identify the relationship between persons and companies, determine significant events and patterns of activity and uncover information gaps and hence collect additional information. Collation could be made according to the chronological sequence of events, dates of information received, identities of the people involved, geographical regions and sources of information or any combination of the above. The process of coding involves transforming the original (or raw) information, into a number of variables (type of offence, mode of transport, time and location for example), and to develop within each variable, a number of mutually exclusive categories. 3. ANALYZE THE DATA Analysis involves examining components of collected and evaluated data to establish patterns and relationships. In our example, after analyzing the data, it was established that small lorries, fictitious companies and private cars form the biggest threat. 4. ESTABLISH THE DATA ELEMENTS (a) Draw up the list of data elements: After analyzing, data elements should be identified. WCO Data Model should also be considered while identifying data elements (namely, risk indicators). (b) Determine coefficients for each data element: Every data element should also have coefficient on its own, allowing the Customs officer to determine, if the targeted goods or conveyances establish high, medium or low risk. Based on the analysis the unit draws up a list of data elements and coefficients needed for the risk profiling. Risk Indicators : Coefficients: Importer 2 Fictitious companies 4 Lorries 4 New drivers 2 Private cars 4 New companies 2 Payment in cash 1 Hand written manifest 1 Suspicious routing 2 In addition to the risk indicators it is always important to find out if there is some intelligence data available concerning the target. 1-12 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL 5. DEFINE THE LEVEL OF RISKS (a) Low risk (1-6) : No inspection (b) Medium risk (7-10): Case by case decision and/or documentary inspection (c) High risk (11 +): Physical inspection If the target is counted as a high risk, physical check should always be conducted. On the other hand, if the result of the risk profiling is that the target is a low risk there is usually no need to make an inspection. When the result of risk profiling is that the goods or conveyance under examination establish a medium risk the decision to make a search has to be decided using Customs officers intuition and other available information. Even if a physical inspection is not performed, there might be need for a documentary control. 6. DISSEMINATE, REVIEW & MODIFY (a) Circulate the profile to appropriate users / activate in an automated system (b) Collect feedback (c) Evaluate feedback, and (d) Modify the profile, if needed After the risk profiles have been used for period of time determined earlier it is time to assess the value that the risk profiles and gathered intelligence contributed to risk assessment process. The results of the analysis work are used to feed new information back to the risk assessment process and at the same time for updating the risk profiles and coefficients, if needed. As a result of this work the Customs services are able to identify additional investigative leads and potential targets for inspection. 2.3. Targeting Targeting is based upon the prior identification of high risk goods, conveyances and passengers combined with document review, questioning and observation techniques in order to actually decide which ones to submit to a closer examination. Targeting is different for different types of contraband. The ever changing nature of smuggling also introduces another variance. As Customs becomes aware of patterns and trends in smuggling and sets up characterisations based on them, eventually these trends will change, and the criminal community will try new methods to introduce contraband. Therefore, these characterisations are ever changing and evolving. The following are some examples of critical elements to be considered when developing characterisations of arriving travellers: Age Sex Ethnicity Socio-economic status--education, occupation, etc. Appearance Items carried luggage type, amount of currency Origin/destination Time elements frequency of travel, length of stay Mode of travel Purpose of travel Quite conveniently, there are frequently encountered types of passengers for which certain patterns have emerged. Ordinarily the types of international traveller can be identified, and interviews can be made more effective by tailoring questions to that category of individual. If questioning verifies that these people are who they say they are, then they should normally be treated as low risk. Selectivity criteria for dutiable goods include the history of the importer, exporter, carrier, agent, etc., the origin and routing of the goods, and prohibitions or restrictions. For example, if air cargo or aircraft is selected for more intensive checks, using risk assessment process is 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-13

CONFIDENTIAL necessary. During this process identify those areas in which the airport faces the greatest risk and the strengths and weaknesses of control system. In the profiling stage, picture is built of what a smuggler or smuggling method may look like for the airport. These two steps will help identifying possible high-risk goods and flights. Selectivity is then used to decide which of those goods and flights to actually target. Adequacy of the concealment method can also be used as a risk identifier in that cargo shipments can be identified which for one reason or another do not appear to be normal for the airport. For example, a smuggler may ship goods by a route that does not appear direct or does not make economic sense, in order to avoid showing that the goods came from or transited a source country. There could be many reasons why the shipment appears to be abnormal, such as the type of goods, or the routing of the shipment or the method/cost of transport. However, in order for this practice to be most effective, you must be familiar with what is normal before you can recognise what is abnormal. Prior to reaching the selectivity stage, below mentioned issues have already been identified: what types of contraband are coming through the airport, why they are coming through the airport, what the strengths and weaknesses of border controls are and the characteristics common to smugglers and smuggling methods at the airport. However, due to the shortage of resources and the large amount of aircraft and cargo traffic, every piece of cargo or aircraft which fits a profile may not be examined. Therefore, document review, questioning, observation and other enforcement tools should also be utilised in order to select for examination those goods, conveyances and passengers that pose the highest risk. Automated Targeting System (ATS) of the United Stated Customs and Border Protection is summarized in Appendix I. 2.4. Covering/Treatment Specific measures (means of control) or combination of measures on how to detect a certain identified risk will be identified at this stage. 2.5. Evaluation of results The last step of the learning circle is reviewing the results to determine whether a risk has been addressed or targeted properly. To be able to determine this, it is important to have detailed reports during the different phases of the learning circle. The results of the evaluation and review are also used to feed back the risk assessment process and to update the risk profiles. The profiles that have been drafted to target certain consignments and passengers lead to a number of Customs examinations. The results of the checks give further information that can be used in the learning circle. Both positive and negative results are valuable. By reporting the results, one can determine whether the profile has been effective and efficient or not. By analysing the results a decision can be made to adjust the profile or not. As stated earlier profiling is a dynamic process that needs constant adjustment. 1-14 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL 3. USE OF INFORMATION TECHNOLOGY 3.1. Introduction The advantage of using Information and Communication technologies for control purposes is the ability to make information easily available to all authorised Customs officials. Information technology opens up better possibilities for the collection, analysis, targeting, profiling and outcomes of your efforts. Furthermore IT enables a more effective exchange of information with other law enforcement agencies. The application of Information and Communication technologies also allows Customs to assess various data, such as selectivity criteria, speedily and accurately, in order to identify their usefulness and helps them to react quickly to changing circumstances. The use of information technology is an effective tool for risk assessment. It enables a more rapid analysis of selectivity criteria than would be possible manually. Automation allows Customs administrations to establish a national database of information on all transactions and movements which can be updated and used for rapid information sharing and identification of changing risk areas. It can also provide a database of all risk profiles which would form the basis for a selectivity module within an automated clearance system. An automated system makes it easier for Customs administrations to subject declarations to a series of selectivity filters (i.e. the profiles) to determine which declarations may require further examination. With a better selection it also allows Customs to facilitate the legitimate trade. 3.2. Data storage and security Administrations are advised to take into consideration the legal requirements for storing data and ensuring its security. Guidelines on Application of Information and Communication Technology (Revised Kyoto Convention, General Annex, Chapter 7) provides further information. WCO has developed a system (National Customs Enforcement Network ncen) to assist Customs administrations to collect, store and exchange law enforcement data. Appendix II contains detailed information on ncen. 3.3. Data mining Data mining is a relatively new field that enables finding interesting knowledge (patterns, models and relationships) in the data sets. It is the most essential part of the knowledge discovery process and has the potential to predict events or to assist in analysis. Data mining has elements of databases, statistics, artificial intelligence and machine learning. Data mining software allows users to analyze large data sets from many different dimensions or angles, categorize it, and summarize the relationships identified. Technically, data mining is the process of finding correlations or patterns among dozens of fields in large databases. Customs might have such large databases, for instance from the operational import and export systems. Data mining techniques help us to perform better in risk identification, analyzing and preparing for audits or checks. With data mining Customs can gain time and can perform less checks with the same or even better results. Some of the applicable data mining techniques are shown below. With time series analysis, Customs can look for not known patterns, in order to discover new risks. Explaining a significant increase of trade for a certain product from a certain country of origin makes it possible that new risks will be found. This technique can be used in the stage of risk identification. With predictive modelling, one is able to produce estimations of unknown dependable variables at present or in the past. More commonly, with this method you can predict whether a situation will occur or has occurred. Techniques often used for this method are regression analysis, decision trees and neural networks. Those techniques are also suitable for making selection rules or for improving existing selection rules. With selection rules Customs administrations can select importand export shipments for a check. 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-15

CONFIDENTIAL Document on Data Mining in the Risk Management Process developed by the WCO Electronic Crime Expert Group is attached as Appendix III. 3.4. Valuation Database as a Risk Assessment Tool A national valuation database is a risk assessment tool which may be used by Customs along with other risk tools to assess potential risk regarding the accuracy of the declared Customs value for imported goods. The information in the database should be recent data reflecting the Customs value and other pertinent information for previously imported goods. The values may not be used to determine the Customs value for imported goods, as a substitute value for imported goods, or as a mechanism to establish minimum values. Guidelines on the Development and Use of a National Valuation Database as a Risk Assessment Tool address various issues pertaining to the development and use of a national valuation database (Appendix IV). 1-16 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL 4. APPENDIXES Appendix I: Automated Targeting System Appendix II: ncen Bridging the gap through technology Appendix III: Data Mining in the Risk Management Process Appendix IV: Guidelines on the Development and use of a National Valuation Database as a Risk Assessment Tool 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-17

CONFIDENTIAL Appendix I: Automated Targeting System AUTOMATED TARGETING SYSTEM (ATS): U.S. Customs and Border Protection s Experience The U.S. Department of Homeland Security (DHS), Customs and Border Protection (CBP) has developed the Automated Targeting System (ATS). Using a common approach for data management, analysis, rules-based risk management, and user interfaces, ATS supports all CBP mission areas and the data and rules specific to those areas. ATS is an Intranet-based enforcement and decision support tool that is the cornerstone for all CBP targeting efforts. CBP uses ATS to improve the collection, use, analysis, and dissemination of information that is gathered for the primary purpose of targeting, identifying, and preventing potential terrorists and terrorist weapons from entering the United States. Additionally, ATS is utilized by CBP to identify other violations of U.S. laws that are enforced by CBP. In this way, ATS allows CBP officers to focus their efforts on travelers and cargo shipments that most warrant greater scrutiny. ATS standardizes names, addresses, conveyance names, and similar data so these data elements can be more easily associated with other business data and personal information to form a more complete picture of a traveler, import, or export in context with previous behavior of the parties involved. Every traveler and all shipments are processed through ATS, and are subject to a realtime rule based evaluation. ATS provides equitable treatment for all individuals in developing any individual s risk assessment score, because ATS uses the same risk assessment process for any individual using a defined targeting methodology for a given time period at any specific port of entry. ATS receives various data in real time from the following different CBP mainframe systems: the Automated Commercial System (ACS), the Automated Export System (AES), the Automated Commercial Environment (ACE), and the Treasury Enforcement Communication System (TECS). ATS collects certain data directly from commercial carriers in the form of a Passenger Name Record (PNR). Lastly, ATS also collects data from foreign governments and certain express consignment services in conjunction with specific cooperative programs. ATS accesses data from these sources, which collectively include electronically filed bills, entries, and entry summaries for cargo imports; shippers export declarations and transportation bookings and bills for cargo exports; manifests for arriving and departing passengers; landborder crossing and referral records for vehicles crossing the border; airline reservation data; nonimmigrant entry records; and records from secondary referrals, incident logs, suspect and violator indices, and seizures. In addition to providing a risk-based assessment system, ATS provides a graphical user interface (GUI) for many of the underlying legacy systems from which ATS pulls information. This interface improves the user experience by providing the same functionality in a more rigidly controlled access environment than the underlying system. Access to this functionality of ATS uses existing technical security and privacy safeguards associated with the underlying systems. ATS consists of six modules that provide selectivity and targeting capability to support CBP inspection and enforcement activities. ATS-Inbound inbound cargo and conveyances (rail, truck, ship, and air): ATS-Inbound is CBP s primary decision support tool for targeting inbound cargo. The system is available to CBP officers at all United States ports of entry and CBP operations overseas. It provides an efficient, accurate, and consistent method for rapidly selecting high-risk targets for further scrutiny. ATS-Inbound assists in identifying cargo shipments, which pose a threat of terrorism, narcotic smuggling or other violations of U.S. law. 1-18 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL ATS-Outbound outbound cargo and conveyances (rail, truck, ship, and air): ATS-Outbound is the outbound cargo targeting module of ATS that assists in identifying high risk exports. ATS-Outbound uses export declaration data that exporters file electronically. The export data is sorted and compared to a set of rules and evaluated in a comprehensive fashion. ATS-Passenger (ATS-P) travelers and conveyances (air, ship, and rail): ATS-Passenger is the module used at all U.S. airports and seaports receiving international flights and voyages to evaluate whether passengers and crewmembers should receive additional screening prior to arrival or departure. The system analyzes advance passenger information provided by carriers to develop a risk assessment for each traveler based on defined rules that pertain to specific operational objectives or enforcement efforts. ATS-Land (ATS-L) - private vehicles arriving by land: ATS-Land is the module that provides for the analysis and rule-based risk assessment of private passenger vehicles crossing the nation s borders. Using the vehicle license plate number, ATS-L allows CBP officers to cross-reference Federal and State databases using the weighted rulesbased assessment process and within seconds, determine whether the vehicle and its occupants should undergo further scrutiny. ATS - International (ATS-I) - cargo targeting for CBP s collaboration with foreign Customs authorities: ATS-International provides foreign Customs authorities with controlled access to automated cargo targeting capabilities and provides a means for exchanging best practices and developing and testing targeting concepts. This exchange provides vital support to other countries in the development of targeting systems that can enhance the security of international supply chains and harmonize targeting methodologies. ATS-Trend Analysis and Analytical Selectivity Program (ATS-TAP) (analytical module): ATS-Trend Analysis and Analytical Selectivity Program improves CBP s ability to examine, locate, and target violators of US laws, treaties, quotas, and policies regarding international trade. The trend analysis function provides an overview of trade activity for commodities, importers, manufacturers, shippers, nations, and filers to assist in identifying anomalous trade activity collectively. ATS supports the decision-making process and reinforces the role of the trained professionals making independent decisions necessary to identify violations of U.S. law at the border. 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-19

CONFIDENTIAL Appendix II: ncen Bridging the gap through technology ncen is a system developed by the World Customs Organization (WCO) to assist Customs administrations to collect, store and exchange law enforcement information. The system when full functional will consist of an application for the collection and storage of enforcement data at a national level and an Information Communications interface (Icomm) for the exchange of these data amongst Customs administrations on international level. The receipt and exchange of accurate and timely information is the life blood of law enforcement activity. ncen consists of several complimentary components: a website, a secure communication system and various databases designed to facilitate the easy collection, storage, retrieval and dissemination of this information at the national level. In the future the system can be further developed in order to facilitate exchange of information at a national level between law enforcement and/or border control agencies. The Information Communications interface component of the system will allow the exchange of information at the regional and international level where information exchange protocols are in place to do so. By adopting ncen Customs administrations will have the ability to manage within structured database information on all aspects of their law enforcement functions. This will allow: better intelligence analysis, enabled risk targeting, seizure and performance management reporting, resource utilization and most importantly provide the platform for enhanced co-operation and collaboration across the whole border sector. ncen puts Customs administrations on the front foot. It provides a secure, cost effective pathway to assist administrations unlock key elements contained within the WCO Customs in the 21st Century Strategic Document, such as, Coordinated Border Management and a Globally Networked Customs. What does ncen do? It offers: A database of nominal Customs seizures and offences at a national level, comprising data required for the analysis of illicit traffic. A database where information on suspected persons, means of transport, means of concealment and offending business entities can be stored and queried at the national level. A dedicated website (ncws) that can be managed by a Member implementing ncen and which can contain alerts as well as intelligence needed by Customs administrations. A concealment picture database which enables Customs officers to view exceptional concealment methods and exchange X-ray pictures. A communication application to facilitate cooperation and communication between Customs administrations. An Information Communication interface (Icomm) for data exchange facilities; envisaged as data exchange specifications that can be implemented by third parties (other national Customs administrations, national Police, international organizations) and used to communicate with ncen systems or just for communication between parties. For WCO Members which do not have a centralized database in place ncen will provide these Members with a centralized database on seizures and Customs offences, a database on suspect persons, business entities, concealments, conveyances, etc. and a database of business entities where VAT information can be stored. Members introducing the complete ncen package will be able to exchange sets of data with each other and easily feed data into the global CEN database (option 1). 1-20 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL For WCO Members which already have a centralized database in place These Members will have the possibility to install the Information Communication interface (Icomm) tool contained in the ncen application (option 2). This interface will enable data to be exchanged with countries that have implemented either the full ncen package or the Icomm. One future option is to link existing national databases to Icomm, enabling the export and/or import of selected data, including its transfer to the global CEN database. They may also install the ncen application but only use its Icomm functions as both their national centralized database and the ncen system will be linked and run in parallel (option 3). ncen security ncen uses modern technologies to perform reliable, secure and inexpensive operations. It is internet based and uses effective database protection. ncen relies on encryption technology to protect communication and data transfers. Its main characteristics are simplicity, user friendliness and low-cost communication, which is rapid and secure. ncen software is free! The ncen software will be given to all WCO Members free of charge. The only costs to be borne by the country implementing ncen relate to IT implementation (linking it to an existing server, including the addition of various security features), translation into national languages (other than English or French), hardware, etc. Members installing only the Icomm would have to link their database to Icomm and to develop user specifications and system requirements. ncen record categories The ncen database records Customs seizures and offences classified under 13 different product headings covering the main fields of Customs enforcement activity: Drugs, Tobacco, Beverages, CITES (endangered species of flora and fauna), Intellectual property rights (counterfeiting and piracy), Precursors, Tax and duty evasion, Weapons and explosives, Currency, Nuclear materials, Hazardous materials, Pornography / Paedophilia, Other prohibitions and restrictions (including works of art, stolen vehicles, anabolic steroids, etc.) COUNTRY A COUNTRY B National Customs Db (ncen user) Icomm Option 1 Icomm National Custom Db (ncen user) Option 2 Option 3 COUNTRY C COUNTRY D ncen (ncen/lcomm user) Icomm Icomm National Customs Database (Icomm user) One future option Local International Organizations National Custom Database Icomm WCO CEN and other International Databases 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-21

CONFIDENTIAL Appendix III: Data Mining in the Risk Management Process Introduction One of the strategic objectives of Customs Administrations is to increase compliance and counter taxpayer evasion and other irregularities. An important element in this is to think through and eliminate risks. These risks must be charted in order to enable Customs Administration to focus on those risks which will best support compliance based on well considered choices made in advance. The risk management process model, also called a learning circle, was developed for this purpose. In this model, risk signals go through a number of stages and are eventually, if they satisfy predefined criteria, incorporated into the risk mix as elaborated risks. The stages in this risk management process are risk finding, risk analysis, preparation, detection, covering and evaluation. In some of those stages data mining can be of great importance. Because of the enormous expansion of trade, Customs Administrations are facing an increase in data and information. The challenge is to obtain an overview, insight and intelligence from the data sets. Manual analysis is not sufficient anymore. Those large data sets require a different approach, such as data mining. Data mining can be defined as.the nontrivial extraction of implicit, previously unknown, and potentially useful information from data. Data mining is a relatively new field that enables finding interesting knowledge (patterns, models and relationships) in the data sets. It is the most essential part of the knowledge-discovery process and has the potential to predict events or to assist in analysis. Data mining has elements of databases, statistics, artificial intelligence and machine learning. As demonstrated in this paper, Customs Administrations can become acquainted with data mining and the relationship with the risk management process. Stages in the risk management process The risk management process consists of six stages. In the first stage, risk finding takes place. Risk signals are collected from colleagues, other law enforcement organizations and own resources, like legislation. In the second stage the risk signals will be analyzed. The analyst tries to determine whether there is a possibility that the risk exists and if so, how the risk can be detected and how it has to be covered. This brings us to stage three. Preparations will be made for (physical) checks or audits. By preparation, we mean giving audit assignments and providing detailed instructions and knowledge. Then the audits or (physical) Risk finding Evaluation Covering Risk analysis Preparation What we call the begining is often an end And to make an end is to make a begining The end is where we start from. Thomas Stearns Eliot, Quatre Quartets Detection 1-22 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL checks will be performed. In the detection stage, investigations will be made to determine whether the risks really exist. If so, the risks will be taken care of with appropriate measures. Here you can think of penalties and recovering the duties. After the covering stage the evaluation follows. In this stage we look back and analyse the results from the first five stages. Some conclusions out of this stage will be used in risk finding. Data mining in the risk management process Data mining software allows users to analyze large data sets from many different dimensions or angles, categorize it, and summarize the relationships identified. Technically, data mining is the process of finding correlations or patterns among dozens of fields in large databases. Customs Administrations have such large databases, for instance from the operational import and export systems. Data mining techniques help us to perform better in risk finding, analyzing and preparing for audits or (physical) checks. With data mining Customs Administration can gain time and can perform less (physical) checks with the same or even better results. Some of the applicable data mining techniques are shown below. With time series analysis, Customs Administrations can look for not known patterns, in order to discover new risks. Explaining a significant increase of trade for a certain product from a certain country of origin makes it possible that new risks will be found. This technique can be used in the stage of risk finding. With predictive modeling, one is able to produce estimations of unknown dependable variables at present or in the past. More commonly, with this method you can predict whether a situation will occur or has occurred. Techniques often used for this method are regression analysis, decision trees and neural networks. Those techniques are also suitable for making selection rules or for improving existing selection rules. With selection rules Customs Administrations can select import- and export shipments for a (physical) check. Experience tells us that the techniques mentioned above are of great importance in the stages risk analysis and preparation. Example of a time line. WEIGHT (IN KG) Douane Informatiecentrum, cluster Informatie op 01MAY2007 om 2:21 PM VALUE (IN!) 1000000 800000 Periode WEIGHT VALUE 1400000 1200000 1000000 600000 800000 400000 600000 400000 200000 200000 0 0 200301 200302 200303 200304 200305 200306 200307 200308 200309 200310 200311 200312 200401 200402 200403 200404 200405 200406 200407 200408 200409 200410 200411 200412 200501 200502 200503 200504 200505 200506 200507 200508 200509 200510 200511 200512 200601 200602 200603 200604 200605 200606 200607 200608 200609 200610 200611 200612 Product: P, country of origin: O, country of destination: 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-23

CONFIDENTIAL Example of a decision tree in order to make a selection rule. In this example there are 115820 declarations in the first node, 5% of them are false. When the value >= 10257 and weight >= 8099 and value < 16794 then there are 84% false declarations in the node. So in that case there is an 84% change that every declaration, that fulfil those criteria, is false. On the other hand, 16% are looking very similar to the false ones. Those declarations are the first to be considered for an audit. 1: 5% 0: 95% N in node: 115820 VALUE < 9.5 (9.5, 10257) >= 10257 1: 0: N in node: 52% 48% 502 1: 0: N in node: 5% 95% 85317 1: 0: N in node: 3% 97% 30001 WEIGHT WEIGHT WEIGHT 2.665 >= 2.665 < 1786 >= 1786 < 8099 >= 8099 1: 0: N in node: 30% 70% 336 1: 0: N in node: 97% 3% 166 1: 0: N in node: 4% 96% 83384 1: 0: N in node: 60% 40% 1933 1: 0: N in node: 1% 99% 27397 1: 0: N in node: 18% 82% 2604 VALUE < 16794 [ 1679,28963.5) [28963.5, 42566.5) [42566.5, 54519.5) >=54519.5 1: 0: N in node: 84% 16% 157 1: 0: N in node: 55% 45% 259 1: 0: N in node: 28% 72% 335 1: 0: N in node: 15% 85% 293 1: 0: N in node: 3% 97% 1560 Example of a regression analysis for price outlier detection. The red dots are standing for declarations which deviate from the initial estimated price. 300 270 240 V A L U E 210 180 150 120 90 60 30 0 0 10 20 30 40 50 60 70 80 90 100 110 120 130 QUANTITY Estimated price without the two otliers = euro 3 Estimated price without the two otliers = euro 3 Initials estimated price = euro 2.75 Initials estimated price = euro 2.75 1-24 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL Appendix IV: Guidelines on the Development and use of a National Valuation Database as a Risk Assessment Tool Preamble 1. These Guidelines address various issues pertaining to the development and use of a national valuation database. A national valuation database is a risk assessment tool which may be used by a Customs Administration along with other risk tools to assess potential risk regarding the truth or accuracy of the declared Customs value for imported goods. The information in the database should be recent data reflecting the Customs value and other pertinent information for previously imported goods. The values may not be used to determine the Customs value for imported goods, as a substitute value for imported goods, or as a mechanism to establish minimum values. In addition, recognizing that differences in prices, including substantial declines, are a part of international trade, a difference between the declared value and the database value(s) is not by itself a reliable indicator of potential risk with respect to the truth or accuracy of the declared value, subject to the provisions of Decision 6.1. 2. A Customs Administration that uses a valuation database should establish a monitoring mechanism to ensure that the database is being used as a risk assessment tool and that the information stored in the database is updated on a regular basis. Introduction 3. The Agreement on Implementation of Article VII of the GATT 1994, more commonly known as the WTO Agreement on Customs Valuation (the Agreement), introduces a fair, uniform and neutral system for the Customs valuation of imported goods, which is consistent with commercial practices and precludes the use of arbitrary or fictitious Customs values. 4. The basis for the valuation of goods under this system is, to the greatest extent possible, the transaction value of the imported goods which is the price actually paid or payable for the goods when sold for export to the country of importation, adjusted in accordance with the provisions of Article 8 of the Agreement. 5. Where the Customs value cannot be determined using the transaction value method, the Agreement provides for five other methods, to be used in turn. 6. Customs has the right to satisfy itself as to the truth or accuracy of the value declared. The application of an appropriate risk assessment and management procedure enables Customs to exercise this right in a pragmatic manner. Such procedures may use, inter alia, a valuation database. 7. The data contained in a valuation database should be treated in accordance with the applicable confidentiality provisions. 8. Within the context of Customs controls, Chapter 6 of the Guidelines on the General Annex to the Revised Kyoto Convention (Customs controls) includes the following definitions of the concepts of risk assessment and risk management: Risk assessment: The systematic determination of risk management priorities by evaluating and comparing the level of risk against predetermined standards, target risk levels or other criteria. Risk management: The systematic application of management procedures and practices which provide Customs with the necessary information to address movements or consignments which present a risk. 9. In the context of Customs valuation, application of the above concepts requires that risk assessment mechanisms must be selective and targeted. It is not appropriate to apply simple statistical or price indicators to all imports on a comprehensive basis, as a means to measure potential risk with regard to the truth or accuracy of Customs value. The development and use of a valuation database must take account of the above-mentioned risk assessment and management procedures. Use of a database 10. A valuation database may be used by a Customs Administration only as a risk assessment tool. 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-25

CONFIDENTIAL It has to be designed specially to assess potential risk regarding the truth or accuracy of the declared value for imported goods. 11. Database management systems will usually enable a Customs Administration to compare the declared value to previously accepted Customs value(s). Recognizing that price variations are a normal part of international trade, the results of any such comparison do not in themselves represent a comprehensive or sufficient indicator of potential risk. Therefore, while an abnormally large difference between the declared value and the databases value(s) for that product could constitute a potential risk factor, any such difference must be considered along with other potential risk factors, such as the lack of supporting documentation, prior problems with the importer, etc., in determining what further action, if any, is appropriate with regard to the declared value. 12. Where the application of appropriate database technology indicates the existence of potential risk in well-defined circumstances, Customs may apply a number of measures. For example, Customs may place the operations of a particular importer under scrutiny and take appropriate monitoring action. In other cases where there are concrete indications that the declared values represent a risk with respect to their truth or accuracy, and after taking into account all the relevant risk factors the Customs Administration has doubts about the truth or accuracy of the declared value, it could follow the procedures set forth in Decision 6.1 of the WTO Committee on Customs Valuation. Such procedures start by asking the importer to provide further evidence to support the declared value. Another example of a measure that can be taken by Customs Administration in cases of potential risk is a post-importation audit of the importer. 13. The Customs Administration cannot reject the declared value based solely on a difference between the declared value and the database value(s). Rather, the value(s) stored in the database should, alongside other indicators applied by Customs, serve only as an indicator of potential risk and represents no more than initial indicative information helping to reinforce or dispel Customs doubts about the truth or accuracy of the declared value. 14. The database can also be used as a risk assessment tool to perform cross-checks in order to target specific import declarations for examination. 15. Normally, a valuation database should form part of a more extensive database embracing risk assessment linked to other aspects of the import/export operation, such as origin, tariff code number, importer s profile, exporter s profile, etc. 16. Each Customs Administration should determine, with reference to its own needs, which authorized staff will have access to the national valuation database. 17. The use of databases in the risk assessment context may occur at any stage : prior to the lodging of the import declaration, at the time when the declaration is lodged (verification of the data entered in the declaration), throughout the clearance process and/or after the goods have been released. Caveat regarding the use of a database 18. A Customs Administration may not: Use a database to determine the Customs value of imported goods, as a substitute value for imported goods or as a mechanism to establish minimum values; Reject the declared value solely on the basis of a difference between the declared value and the database values; Disregard the requirements of article 13 of the WTO Valuation Agreement (concerning release of imported goods upon sufficient guarantee) in order to employ a valuation database; or Use a valuation database as a substitute for other techniques, such as postimportation audit, to assess the truth or accuracy of the declared value. 1-26 1. RISK ASSESSMENT, PROFILING AND TARGETING

CONFIDENTIAL Data to be included in a database 19. Within the framework of a risk assessment policy for valuation, the data to be included in a valuation database may vary, depending on the state of development of the risk management policy of the Member concerned and should be based on relevant elements from the WCO Customs Data Model. 20. The usefulness of a valuation database as a risk assessment tool depends on the reliability and relevance of the data for the purposes of determining the truth or accuracy of the declared value. Therefore, the data should include the Customs value for previous importations determined in accordance with the Agreement. The data may also include the applicable method of valuation (for example, transaction value, computed value, etc.) and elements included in the Customs value (for example, assists, royalties, selling commissions, etc.). Other data from the import declaration, such as whether the parties are related, may also be included. 21. The data to be included in the database is generally the data found in the import declarations and supporting documents of previous importations. The database may also include other pertinent and reliable data for risk assessment purposes. 22. In an automated database, virtually all of this data could constitute key-words providing search access. For example, doing a search on country of origin should, at least, make it possible to find information about all importations of goods from the country concerned during a specified period; at best, it should provide a range of information about the type of goods exported from that country, etc. Validity of the data 23. In order to properly perform its function as a risk assessment tool, data in the database should be recent and up-to-date. What is considered recent and up-to-date may depend on the commodity involved, the frequency of price fluctuations, and other pertinent factors. Possibility of cross-checking 24. The database can also be used as a means of performing cross-checks in order to target those importations which are likely to contain a potential risk and, from that starting point, select the import declarations concerned for examination. 25. Thus, for example, if it has been established in the past - under the provisions of paragraphs 1 (d) and 2 of Article 1 of the Agreement, and paragraph 4 of Article 15 thereof - that a buyer/ importer is related to his supplier/seller, that this relationship has influenced the price, and that this has caused the declared value to be rejected, there could be a function in the system which selects all future declarations concerning transactions between that buyer/importer and that supplier/seller, so that Customs will be in a position to check whether the relationship still exists and, if so, whether it is still producing the same effects. 26. Similarly, if it has been established in the past - under the provisions of paragraph 1 (a) of Article 8 - that commissions (other than buying commissions) have been paid in connection with a transaction between a buyer/importer and a supplier/ seller, and the declared value was adjusted as a result, the system should be able to select all future declarations for transactions between that buyer/importer and that supplier/seller, so that Customs can check whether this type of payment is still being made and, where appropriate, adjust the declared value accordingly. 27. The same would apply to several other provisions of the Agreement (conditions of application of Article 1, goods and services supplied by the buyer, royalties, proceeds of resale, etc.). Monitoring Mechanism 28. A Customs Administration that uses a valuation database should establish a monitoring mechanism to ensure that it is being used only for the purpose of risk assessment described in these Guidelines and to ensure that the information in the database is updated on a regular and continual basis. 1. RISK ASSESSMENT, PROFILING AND TARGETING 1-27