Forging the Future Strategies for Success

1
A Case Study in Effective C-TPAT Program
Management Supply-Chain 2007 North America
Conference and Exposition (March 19-21, 2007)
2
Session Overview

• Effective Program Management assures your C-TPAT
  (Customs Trade Partnership Against Terrorism)
  Security Program enhances the Total Supply Chain
  Strategy by improving
• speed,
• reliability and
• visibility
• while reducing total cost

3
Session Methodology Benefits

• This session uses the experience of Alcon
  Laboratories Inc. as a case study for managing
  international business trade and their security
  program.
• Additionally, this session provides an overview
  of the collateral benefits and cost reduction of
  an effective Compliance Program.

4
Improving Trade Compliance and Supply Chain
Security

• Key Project Management Principles
• The proper Context Global Trade Environment,
  Total Supply Chain Strategy, Trade Compliance and
  Risk Management
• Your program needs the proper Content Crisis
  Management and Business Continuity Planning
  Effective Service Provider Management and Import
  Event Management for in-transit visibility and
  accuracy

5
Why is Supply Chain Security Important?
Never forget Our supply chain can be used as a
weapon in a deadly war. C-TPAT has two primary
goals secure the supply chain while keeping
commerce moving.
6
What is the Government doing?

• Government agencies with Transportation Security
  Responsibility
• U.S. Customs and Border Protection (CBP)
• U.S. Coast Guard
• Maritime Administration (MARAD)
• Transportation Security Administration (TSA)
• National Targeting Center (NTC)
• Bureau of Industry and Security (BIS)

Source LBJ School of Public Affairs, University
of Texas Austin, 2006
7
What does Supply Chain Security Cost ?
Regulation Estimated Cost to Private Sector
Maritime Transportation Security Act of 2002 833 million/year, 7.244 billion Total (2003-2012)
24 hour rule (U.S.) 282 million/year
International Ship and Port Facility Security Code (ISPS) 1.28 billion up front, 730 million/year
Required Advanced Electronic Presentation of Cargo Information 91 million
Source LBJ School of Public Affairs, University
of Texas Austin, 2006
8
Alcons Supply Chain Strategy supports our Global
Vision
To be the first choice for eye care products and
the most respected eye care company in the world
9
Alcons Supply Chain Strategy

• Foundations of Alcons Strategy for Inventory
  Optimization
• Velocity Speed
• Reliability Customer Service
• Visibility Reliable Information

10
Alcons Total Security Management Approach

• Alcons Total Security Program is a layered
  security program that is designed to Deter,
  Detect, Impede and Identify Potential Intruders.
  The program incorporates physical security
  controls, procedural controls and an employee
  awareness and incident response initiative.
• Improving Total Supply Chain Security meets or
  exceeds the requirements of the C-TPAT program
  and the Supply Chain Strategy because a secure
  supply chain anticipates shipments which
  increases reliability, provides total in-transit
  visibility and reduces cycle-time.
• .

11
What steps did Alcon take to complete the C-TPAT
Security Process ?

• Alcon C-TPAT, Chronology of Key Events
• April 2004, Initial Application and Security
  Profile sent to US Customs and Homeland Security
• June 2004, Alcon Granted Membership as a
  Certified Business Partner
• March 2006, Alcon Participated in the CBP annual
  Meeting Supply Chain Security in a New
  Environment
• April 2006, Initial Validation meeting at Alcon
  Fort Worth
• June 2006, All activities in the initial
  Validation meeting Complete
• September 2006, Foreign Validation Meeting
  Completed at Alcon Belgium
• December 2006, CBP advised our Validation Report
  is complete and we are receiving Tier II benefits

12
What is Alcon doing to continue improving Supply
Chain Security ?

• Alcon C-TPAT Next Steps
• Our Supply Chain Security Specialist has
  indicated that we will have only two
  Recommendations in our final report
• 1. Continued Senior Management Support and
• 2. Continued Self Assessment
• We will participate in the 2007 Annual CBP
  Meeting in April Meeting in New Orleans to
  determine new program requirements

13
What is Alcon doing to continue improving Supply
Chain Security ?

• Alcon C-TPAT Next Steps cont
• Working with Supplier Quality Assurance and
  Purchasing to complete Supplier Surveys
• Will continue to provide Training through-out the
  Supply Chain Purchasing Meeting, GSL Annual
  Meeting, other Manufacturing Meetings
• TBD, Final Review of Alcons C-TPAT Program and
  receive final Certification (Hopefully Tier III)

14
Improving Trade Compliance and Supply Chain
Security

• Senior Management Support is needed
• The C-TPAT program is part of the Distribution
  and Transportation function with reporting up
  through Corporate Finance. This Cooperative
  Management structure allows the Trade Compliance
  function to benefit from the cross-functional
  support areas of the company and gives Senior
  Management support to the Import process

15
Improving Supply Chain Security Enhances the
Supply Chain Strategy

• Fundamentals of a Secure Supply Chain
• Velocity Inventory in transit should be moving
• Reliability Anticipate in-transit milestones
• Visibility Monitor In-transit, quickly identify
  delays, reduce loss and damage, decrease recovery
  of lost merchandise, and improve the claims
  process

16
Benefits of Total Supply Chain Security

• Reduced Customs inspections by 48
• Reduced in transit time by 29
• Improves asset visibility by 50
• Improves on-time shipping to customers by 30
• Reduces time taken to identify problems by 21
• Reduces theft in inventory management by 38
• Reduces excess inventory by 14
• Reduces customer attrition by 26
• Source Stanford University Global Supply Chain
  Forum titled Innovators in Supply Chain
  Security Better Security Drives Better Business
  Value

17
Benefits Alcon Identified by Improving Supply
Chain Security and Compliance

• 1. Improved communication with the Forwarders
  and Brokers
• 2. Reduced Refrigerated shipping cost by 325.00
  per Container
• 3. Increased understanding of the Supply Chain
  Strategy, Inventory reduction and cycle-time
  management as well as total cost impact of
  sourcing decisions
• 4. Reduced Import transactional cost by 12
• 5. Increased in transit visibility for Imports
  to 100

18
Benefits Alcon Identified by Improving Supply
Chain Security and Compliance

• 6. Increased Records Management compliance for
  Import Documentation (electronic storage)
• 7. Reduced Transit time for Ocean Freight by 20
• 8. Increased door-to-door shipping compliance
  and
• Consolidated all imports to one broker
• 9. Increased benefits from Special Trade
  Programs and reduced duty payments (saving 3.5
  on an average transaction)
• 10.Generated Cost Savings in excess of the
  Payroll for budget for the Compliance Organization

19
Benefits Alcon Identified by Improving Supply
Chain Security and Compliance

• 11. Demonstrated Reasonable Care in management of
  the Import Process- This will mitigate
  potential fines and penalties for the Import
  Focused Assessment (FA) program. (you cant be
  negligent or grossly negligent and exercise
  reasonable care at the same time)
• Potential FA penalty and fines
• 20 of Imported Value for Negligent Behavior
• 40 of the Imported Value for Gross Negligent
  behavior
• 12. Prevent Threats and avoid negative Brand
  Image impact

20
Lessons Learned when Implementing a Customs
Compliance Program

• 1. Performance gets worse before it gets better
• 2. When selecting out-side consulting
  resources choose wisely
• 3. Challenge what you are told by out-side
  resources
• 4. Manage by facts and data
• 5. Verify findings by reading the law and
  regulations

21
Lessons Learned with the Customs Compliance
Program

• 6. Check Customs Rulings
• 7. Establish a Steering Committee for proper
  over site and management of the Import Process
• 8. Take every opportunity to communicate the
  strategy Purchasing Council Meetings, Traffic
  Council Meetings, Manufacturing Strategy
  Meetings, Distribution Strategy Meetings, Global
  Supply Chain Meetings

22
Lessons Learned with the Customs Compliance
Program

• 9. Select the right leader for the Compliance
  Program
• Self starter with internal motivation
• Culture fit for the organization
• Team player with a wide knowledge of the
  organization
• Resourceful, Creative and Intuitive
• Strong Business acumen (understands your business
  and the industry)
• Diligent Persistent with ability to Multi-task
• Determination and commitment to total quality and
  continuous improvement

23
Compelling Reasons for Crisis Management Response

• Be ready for unexpected events and have a
  strategy for Crisis Management and Business
  Continuity
• The unexpected should be anticipated

24
Hemel Hempstead, England 605 AM, Sunday 11th
December 2005
Damage to Neighbor
25
Time line of Disaster and Recovery Alcon UK
Offices and Distribution

• Sunday 12/11/05 _at_ 605 AM Explosion at Buncefield
  Fuel Depot
• Sunday 12/11/05 _at_ 7.10 AM Alcon UKs Business
  Recovery Plan Activated
• -- Back-up Computer and Service Centre in nearby
  Milton Keynes
• -- Corporate and Key Alcon Supply points
  notified
• Monday 12/12/05 Skeleton Crew assembled in
  Back-up location
• -- AM - begin notifying customers
• -- PM - begin accepting customer orders
  (manually) and answering inquiries
• Wednesday 12/14/05 First shipments to
  end-customers, direct from Alcon Belgium, Alcon
  France, Alcon Spain, Alcon USA
• Friday 12/16/05 First opportunity to see
  premises first-hand. Offices and warehouse
  considered unsafe. Loss of all Inventory.

26
Total Security Enhances the Supply Chain Strategy

• As supply chains become more global we must
  improve our speed, reliability, and flexibility.
  
• We must reduce cycle time of our internal
  processes.

27
Total Security Enhances the Supply Chain Strategy

• As supply chains become more global we must have
  real-time visibility to our products wherever
  there may be, anywhere in the world.

28
Compelling Reasons for Lower Inventory

• Reduce Working Capital
• Lower Inventory Carrying Costs
• Lower Finished Goods Obsolescence and Scrap
  Costs
• Lower Warehouse Space Requirements
• Lower Material Handling Costs

29
High Impact Short Term Opportunities for Your
Enterprise

• Take Time out of the process
• Take Variability out of the process
• Improve the Visibility of the process
• Improve Total Security
• Improve Trade Compliance and take advantage of
  special duty programs
• Reduce Transportation cost
• Reduce Transaction cost
• Implement a cost reduction program in conjunction
  with your compliance and security initiatives

30
The Importer Is Obligated to

• Conduct a comprehensive assessment of the
  Importers supply chain (s)
• Business Partner requirements
• Cargo Security, Container Security, Physical
  Access Controls
• Personnel Security, Procedural Security, Physical
  Security
• Security Training/Threat Awareness
• Information Technology Security
• Develop a written and verifiable process for
  determining risk throughout the supply chain
• Implement and maintain appropriate security
  measures
• Complete and upload the Supply Chain Security
  Profile
• Develop and implement a written and verifiable
  process for the selection of business partners
• Develop and implement a periodic Self-Assessment
  Program
• Notify the CBP of all changes in the importers
  information on file

31
The CBP is obligated to

• Provide feedback and guidance within 60 days of
  receipt
• Provide technical assistance and recommendations
• Provide incentives and benefits including
  expedited processing of C-TPAT shipments
• Assign a Supply Chain Security Specialist to
  server as a CBP liaison
• Ensure all information remains confidential
• This agreement does not relieve the Importer of
  any responsibilities with respect to the United
  States law, including CBP regulations.

32
C-TPAT Compliance Management

• Compliance Management is a framework designed
  tomodel the full spectrum of components needed
  to fulfill therequirements of a comprehensive
  C-TPAT program
• It is based on the real-world leading practices
  ofimporters
• It is scalable, from small business to the
  largestdiversified companies
• C-TPAT Compliance Management is valuable in
  structuring a common nomenclature for
  communicating within an organization and to
  external parties
• A companys action plan is guided by where the
  organization considers the maturity of each
  component of the framework

Assess
Plan
Implement
Optimize
33
Compliance Management Framework
Corporate Governance
CTPAT Risk Assessment
Investigations Reporting
Risk-Based Trading Partner Due Diligence
Trading Partner Transactions
Program Management
Policies
Written Procedures
Project Planning/Execution
Single Trading Partner View Data
Training/Self-Testing
Independent Audit
34
Compliance Management Framework
Corporate Governance
1
CTPAT Risk Assessment
2
Investigations Reporting
Risk-Based Trading Partner Due Diligence
5
3
Trading Partner Transactions
4
Program Management
Policies
Written Procedures
Project Planning/Execution
Single Trading Partner View Data
6
Training/Self-Testing
Independent Audit
35
Enterprise Foundation

• Enterprise Foundation determines an
  organizations ability to respond to changes in
  both the business and regulatory environment.
• Corporate Governance. Effective risk management
  requires top down direction, so the tone at the
  top is critical to ensure that a CTPAT mindset
  permeates the organization.
• Program Management. An on-going initiative
  across business units and partners to achieve a
  common goal though processes, standards and
  technology.
• Independent Audit. Provides independent testing
  of and organizations ability to execute on
  established CTPAT policies and procedures.
• Policies. The board of directors is actively
  involved in reviewing and approving policies
  related to CTPAT.

1
36
Principal Capabilities

• Four Principal Capabilities serve as the backbone
  of an organizations CTPAT program
• CTPAT Risk Assessment. The CTPAT Risk
  Assessment should be an on-going, dynamic process
  that produces a Risk Profile based on an
  organizations products, geography and trading
  partner characteristics.
• Project Planning / Execution. A demonstrated
  ability to plan and execute on CTPAT projects
  through a program office if needed
• Training / Self-Testing. Training at all levels
  from the boardroom to the stevedores effective
  self-testing of CTPAT controls
• Written Procedures that reflect the
  organizations current CTPAT program and are
  known and practiced by individuals in all areas
  of the organization.

2
37
Risk Based Trading Partner Due Diligence

• Regulators are stressing the importance of a Risk
  Based Approach to compliance in all areas and at
  all levels.
• Complete an organizational risk assessment and
  document your risk profile
• Your risk profile is the starting point for
  negotiation of what is required
• Companies are expected to have an Enterprise-wide
  CTPAT Program.
• Enterprise-wide includes subsidiaries
• A program is on-going initiative across business
  units and subsidiaries to achieve a common goal
  through the application of structure, processes,
  standards and technology
• Technology and procedures must line up with your
  documented policies and must be adequate for the
  companys risk profile.
• Expectations vary by risk profile and
  organization size
• This years stretch will be next years
  expectation
• Old polices, procedures, training and technology
  are rarely adequate in this new environment.
• While not specifically required by regulation,
  expectations are increasing that each trading
  partner and account must be risk rated with
  specific review policies in place based on the
  level of risk.

38
Risk Based Trading Partner Due Diligence
Trading Partner Account
High Risk Account Management Program
Mandatory Due Diligence
Dynamic EDD(risk profile based)
2ND Level EDD(risk rating based)
3
Regulatory Mandates (e.g. CTPAT)
Company Profilebased QA
Dynamic EDD Exception Processing
Referral Management
Partner / Account profile based QA
Reputational Research
Corporate Policy Requirements (e.g. Current
Government ID)
Identity Verification
Periodic Account Reviews
Suspect List Checking
Transaction Risk Rating Prioritization
Trading Partner Risk Rating
KYTP Information
Dynamic Partner Profile
Dynamic Account Profile
Customer Vetting
Mandated Record Retention
Document Storage Retention
Due Diligence Audit Trail
39
Trading Partner Transaction Analysis
4
40
Investigations and Reporting
5
41
Single Trading Partner View
6
42
In Summary

• Why implement an Enterprise-wide compliance
  program?
• Because the regulators expect it.
• In the future they will demand it!