As we start 2015, the question for international traders is how much more can change? Put another way, what will happen next?
As we look back over the past year, we see a variety of challenges: unilateral regulatory action by one agency or another; the attempted criminalization of vehicle exports; an unclear decision about when officers may be liable for the gross negligence of their corporations; questions of unfair competition; continuing significant anti-bribery and anti-corruption fines; large fines for export violations; prosecution over trade secrets; and hurdles to implementation of the Food Safety Modernization Act; ongoing challenges to the conflict minerals rules implemented by the Securities and Exchange Commission; and a plethora of anti-dumping and countervailing duty findings.
Honestly, some variation of this list has existed for the last few years, but the question remains: What can we expect in 2015?
No one is foolish enough to think the points summarized won’t continue into the near future, but there seems to be a notable set of trends worth highlighting, including the ever-increasing cost of regulatory compliance. Whether your company is large or small, regulators and prosecutors will measure the consequence of a misstep in large part by the scope and implementation of your compliance plan. For companies of any size, the question long ago stopped being whether you need a compliance program, and became what it must cover, who will oversee it and how to manage the cost.
By way of example, a recent case raised the conflict between California state and U.S. federal law regarding when a product qualifies as Made in USA. The case, while not leading to fundamental changes in product labeling, served as a reminder that laws and regulations at many levels need to be integrated into that compliance program.
Similar conflicts are common between state and federal laws or for regulations around many types of products, especially food and medical devices, where local officials tout their protection of public health. This theme is especially emphasized when a local prosecutor seeks to charge a felony in liability cases where federal law provides only for misdemeanor.
Examples of other ongoing issues with potentially great impact are the continuing First Amendment challenge to the conflict minerals rules enacted by the SEC, and the Food and Drug Administration’s herculean efforts to implement all the provisions mandated by the Food Safety Modernization Act. Add to this the quicksand of social accountability, and you have a wealth of challenges for any company, no matter its size or financial wherewithal.
And this is just the tip of the iceberg. Another theme to watch is enforcement — the increased efforts of agencies, at all levels, to seek more serious consequences when missteps occur. This is a largely quiet phenomenon, because so many of those efforts never see the public light. They are conducted within the confidentiality of the regulatory process, so little is known about them unless the company under review is publicly traded and, therefore, must state in its annual financial report the reserve it has set aside to address a particular investigation.
Admittedly, the Commerce, State and Justice departments, as well as the SEC are permitted to publicize their civil and criminal cases, but the same is not true with Customs and Border Protection. CBP and Homeland Security Investigations have lost their most experienced professionals to retirement, and a lot of institutional knowledge went with them. As a result, they’re still struggling to put together any significant trade fraud cases.
Those two agencies in particular have enhanced their efforts at trade enforcement with varying levels of success. Now that former Acting Customs Commissioner Tom Winkowski has moved to Immigration and Customs Enforcement, HSI’s parent, it’s reasonable to expect those efforts to expand, and their success levels rise accordingly.
At the same time, the proliferation of counterfeit goods continues to haunt the supply chain, public and private. CBP hopes its Centers for Excellence and Expertise will aid in diminishing that problem, but there is nothing to suggest a serious dent has been made in the staggering quantities of illegal goods available in the marketplace. The illustration most often used to illustrate the threat requires little imagination: Suppose a counterfeit integrated circuit got into the guidance system of a missile. If a missile was launched by American armed forces but controlled by a hostile party, one can easily imagine the damage that could occur.
The one new issue is cybersecurity, which has gotten plenty of publicity in the last year because of high-profile cases of hacking and intrusions at Target and Home Depot, among others. The threat, however, extends far into the commercial supply chain, and has nothing to do with counterfeit chips.
The Senate Armed Services Committee, for example, released a report in September entitled “Inquiry Into Cyber Intrusions Affecting U.S. Transportation Command Contractors.” Before you write this off as applying to the military supply chain, keep in mind most of the contractors are civilian airlines — some 30 of which handle about 90 percent of the passenger moves for the Defense Department and control about one-third of the bulk cargo capacity — and vessel operators, which moved about 95 percent of Defense-related dry cargo in 2012.
The report discusses successful intrusions into the controlling computer of a vessel at sea and separately into that of an airplane. The report makes clear the hackers were Chinese and stole e-mails, documents, flight details, credentials and personal identification numbers, user accounts, passwords (some for encrypted e-mails) and source codes. That malware was involved from a phishing e-mail is also highlighted. In case that wasn’t close enough for you, a logistics provider also was hacked successfully.
Does this sound familiar? Have you implemented a policy providing cybersecurity training for your staff? Consider this scenario: Someone on staff receives a questionable e-mail, fails to realize it is a phishing e-mail, and clicks on the link inadvertently. The malware is downloaded, and the employee subsequently receives a ransom-ware e-mail stating that unless a certain sum is paid in bitcoins by a specific date, the system will be shut down.
Instead of alerting IT, which could address the intrusion, the employee deletes or ignores the e-mail. The system inevitably is locked, forcing the company to pay $1,500 or $2,000 in bitcoins to obtain the unlock key. It weighs whether or not to do so, and realizes the cost is miniscule in comparison to what it would take to reinstall all the programs and files. It pays the money and obtains the unlock key, but the system is interrupted seriously for four weeks while it’s cleaned of the infection the malware installed.
If you work at a large company, your company is a target for cyber hackers for criminal reasons, industrial espionage or to compromise national security. If you’re a smaller company or service provider to any large company, you’re at risk because you’re a link to that larger company, and your resources are much easier to crack than that of the large company.
Further, if you carefully read the stories about the retailer intrusions, many of the attacks were successful because they exploited the system of a smaller company linked to the larger company’s system for perfectly legitimate reasons.
When you add all of that to the recent story shared by an ICE agent about drug smugglers in Europe co-opting a terminal’s computer at the Port of Antwerp in order to locate their containers so as to remove their stash of drugs before being found by local customs authorities, you quickly realize cybersecurity is a problem in the commercial supply chain that is worthy of rapt attention.
The common theme running through all of these issues and many more is due diligence around compliance policies and procedures. In other words, your company’s success is tied directly to your people and how well they work together and follow the rules — and, of course, the consequences of not doing so.
In the end, identifying key business issues and strengthening the compliance policies and procedures at affordable cost is really the key facing companies in 2015 and beyond.
Susan Kohn Ross is an international trade attorney with Mitchell Silberberg & Knupp in Los Angeles. Contact her at skr@msk.com.