The American Bar Association’s 5th Annual Homeland Security Conference in Washington earlier this month was notable for several reasons. The program featured a number of high-level speakers, many of whom served in the Bush administration, plus President Obama’s deputy adviser for homeland security and counterterrorism.
While it’s understandable that much of the focus continues to be on terrorism and other government, military and law enforcement functions, the lack of attention to the private sector is surprising. Yes, trade was acknowledged; one familiar speaker was Jayson P. Ahern, the recently retired acting Customs commissioner, who spoke about security as it relates to ocean transportation. There was even passing acknowledgment that the Transportation Security Administration is on course to implement by Aug. 3 100 percent scanning of all cargo loaded on passenger aircraft.
That was about it, but for one other seriously disturbing topic: Public Law 110-53, Section 523 contains provisions for a “voluntary” program called Public Sector Preparedness, or PS-Prep. The Department of Home-land Security has delegated development of the program to the Federal Emergency Management Agency, because its focus is preparedness. In the law, however, the DHS is tasked with consulting with the private sector to “develop guidance or recommendations and identify best practices to assist or foster action by the private sector” regarding the following:
-- Identifying potential hazards and assessing risks and impact.
-- Mitigating the impact of hazards, including weapons of mass destruction.
-- Managing emergency preparedness and response resources.
-- Developing mutual aid agreements.
-- Developing and maintaining emergency preparedness and response plans, and associated operational procedures.
-- Developing and conducting training and exercises to support and evaluate emergency preparedness and response plans and operational procedures.
-- Developing and conducting training programs for security guards to implement emergency preparedness and response plans and operational procedures.
-- Developing procedures to respond to requests for information from the media or the public.
Read literally, this law requires every business in America to develop a plan to deal with identifying and managing hazards and implementing preparedness plans. This might seem a desirable idea on its face, but the law’s provisions are vague, leaving final decisions for later, while fortunately mandating private-sector input.
The DHS has yet to significantly increase the number of private-sector advisory groups, so will this input come from notice and comment, or can we expect meaningful dialogue? From experience, we know how the government develops standards: it’s generally a painful process typically resulting in vague, sometimes impractical guidelines.
Perhaps more questionable is that the law calls for an accreditation program that demands third-party certification. While no standards have been set, the DHS already has designated the certifying agency — ANSI-ASQ. So, guess which entity will have a major influence over standards-setting? For international traders, the good work in establishing the Customs-Trade Partnership Against Terrorism or any other internal security program could go out the window because this third party decides your program isn’t good enough to meet the standards, whenever they are articulated.
We have heard repeatedly from Bush and Obama administration officials that heightened security efforts by the private sector should be accomplished through voluntary programs. In fact, the lack of regulations is one of the biggest criticisms of C-TPAT. When it comes to dealing with companies’ security actions, only the chemical industry has been hit with regulations. Yes, there are regulations dealing with advance manifest reporting, the Importer Security Filing rule and the like, but they arise in the context of an effort at moving goods or getting them released under government oversight.
When it comes to how companies themselves function, we have the C-TPAT and Free and Secure Trade standards, but nothing formally binding on the government or private sector. So, if you’re in an industry for which standards are finally set and you choose not to adopt them, you will likely find yourself on the nasty end of a lawsuit when an event occurs, facing a sizable damage award.
Congress has enacted another law with the best of intentions, but with little idea how much damage could be done to companies of all sizes. Other than mandating some level of private-sector input, there is no further guidance to the DHS. While emergency preparedness is a prudent step for all companies to take, and the PS-Prep standards supposedly will be stylized to each industry and set with significant private-sector input, there will be significant hurdles with clarity and implementation.
This is not what industry had in mind when it asked what it would do regarding business continuity/recovery. For more information about PS-Prep, see www.fema.gov/privatesector/preparedness/index.htm.
Susan K. Ross is an international trade attorney with Mitchell Silberberg & Knupp in Los Angeles. She can be contacted at firstname.lastname@example.org.