U.S. Customs and Border Protection (CBP) recently issued the following publication on the procedures that CBP expects brokers to follow in the event of a cybersecurity issue:
Some key points to note are the following:
- Brokers should report cybersecurity incidents as soon as possible to CBP’s Security Operations Center (SOC) at [email protected] AND [email protected]. Separately, pursuant to the new regulatory requirement at 19 C.F.R. §111.21(b), brokers must report any known breaches of their physical or electronic records to the SOC no later than 72 hours after discovery. The SOC can also be reached via telephone at 703-921-6507.
- Brokers should also report any outages related to cybersecurity incidents to impacted PGAs. CBP’s Office of Trade will provide brokers with the relevant contacts if requested.
- CBP will determine on a case-by-case basis whether the cybersecurity incident warrants authorization of “downtime” procedures for the broker. If so, the broker will be able to submit electronic copies of documents to CBP in order to secure releases. Once the incident has been resolved, the broker must transmit the entries to CBP through ACE within five business days.
- CBP will exercise discretion in bringing enforcement actions for any violations that arise during a cybersecurity incident. However, CBP notes that it cannot exercise discretion for statutory or regulatory deadlines relating to PSCs, protests, reconciliation, post-import FTA claims under 1520(d) and drawback. Deadlines for these actions cannot be tolled.
- Under the relevant statutes, CBP cannot exercise discretion for interest when duties, taxes and fees are paid late even in the context of a cybersecurity incident.
We encourage brokers to review this document carefully so they are aware of the relevant steps that must be taken in cases of cybersecurity breaches. As always, feel free to contact any of our attorneys should you have questions or concerns.