“(a) In general.—There is established within U.S. Customs and Border Protection a voluntary government-private sector partnership program to be known as the Customs Trade Partnership Against Terrorism (CTPAT).

“(b) Purpose.—The purposes of the CTPAT program are to—

“(1) strengthen and improve the overall security of the international supply chain and United States border security;

“(2) facilitate the movement of secure cargo through the international supply chain;

“(3) ensure compliance with applicable law; and

“(4) serve as the Authorized Economic Operator program for the United States.

“(c) Director.—There shall be at the head of the CTPAT program a Director, who shall report to the Executive Assistant Commissioner of the Office of Field Operations (in this subtitle referred to as the ‘Executive Assistant Commissioner’) of U.S. Customs and Border Protection.

“(d) Duties.—The Director of the CTPAT program shall—

“(1) oversee the activities of the CTPAT program, including certification of CTPAT participants;

“(2) evaluate and make revisions to security criteria pursuant to subsections (c) and (d) of section 213;

“(3) ensure that participants receive a tangible and measurable benefit for participation; and

“(4) carry out other duties and powers prescribed by the Executive Assistant Commissioner.

“(a) Eligible entities.—

“(1) IN GENERAL.—Importers, exporters, customs brokers, forwarders, air, sea, and land carriers, contract logistics providers, and other entities in the international supply chain and intermodal transportation system are eligible to apply for participation in the CTPAT program.

“(2) EXPANSION.—The Commissioner may expand the list of entities eligible to apply for CTPAT participation only in accordance with the purpose of the CTPAT program.

“(b) Tiered participation.—

“(1) IN GENERAL.—Applicants specified in subsection (a) may be eligible to participate as Tier 1 or Tier 2 participants.

“(2) IMPORTERS.—Importers may be eligible to participate as Tier 3 participants.

“(3) EXTENSION.—The Commissioner may extend Tier 3 participation to other entity types, if appropriate, and to specific Tier 2 CTPAT program participants in accordance with section 217(b).

“(c) Notice of benefits.—

“(1) IN GENERAL.—The Commissioner shall publish, on the U.S. Customs and Border Protection website and through other appropriate online publication, information about benefits available under each tier of the CTPAT program.

“(2) CHANGES.—The Commissioner shall publish, on the U.S. Customs and Border Protection website and through other appropriate online publication, notice of any changes to benefits available under each tier of the CTPAT program not later than 30 days before any such changes take effect.

“(a) In general.—The Executive Assistant Commissioner shall review all documentation submitted by an applicant pursuant to subsection (b)(2), conduct a background investigation of such applicant, and vet such applicant.

“(b) General requirements.—To be eligible for participation in the CTPAT program, an entity shall, at a minimum—

“(1) have a designated company employee authorized to bind such entity who is a direct company employee and will serve as the primary point of contact responsible for participation of such entity in the CTPAT program;

“(2) at the time of initial application and annually thereafter, including in advance of any recertification or revalidation, submit an international supply chain security profile, which shall identify how such entity meets the minimum security criteria of the CTPAT program established by the Commissioner and how such entity will maintain and enhance internal policies, procedures, and practices related to international supply chain security; and

“(3) meet any specific requirements for eligible entities, as established by the Commissioner.

“(c) Minimum security criteria.—The Commissioner shall establish minimum security criteria for participants in the CTPAT program, review such minimum security criteria not less than once every two years, and update such minimum security criteria as necessary. Such minimum security criteria shall seek to address security vulnerabilities in the international supply chain.

“(d) Additional and updated criteria.—The Commissioner may establish additional and updated security criteria for individual CTPAT program participants, categories of CTPAT program participants, or particular entity types to meet in order to address a security vulnerability in the international supply chain.

“(e) Consultation.—When establishing or updating security criteria in accordance with subsection (c), and when establishing new or updated security criteria in accordance subsection (d), the Commissioner shall consult with CTPAT program participants and other interested parties, and shall—

“(1) conduct a cost benefit analysis of such proposed new or updated security criteria, as the case may be, in consultation with the Commercial Customs Operations Advisory Committee established under section 109 of the Trade Facilitation and Trade Enforcement Act of 2015 (Public Law 114–125; 19 U.S.C. 4316);

“(2) determine operational feasibility and, where appropriate, provide best practices for meeting such new or updated security criteria to CTPAT program participants specific to their entity type;

“(3) conduct a phased implementation of such proposed new or updated security criteria; and

“(4) provide CTPAT program participants and other interested parties a 90-day comment period to review and comment on such proposed new or updated security criteria.

“(f) Waiver.—The Commissioner may waive the requirements of subsection (e) if the Commissioner determines there is a significant and imminent risk to the national security of the United States and such a waiver is necessary to protect such national security. Not later than 120 days after the issuance of any such waiver, the Commissioner shall announce on the U.S. Customs and Border Protection website and through other appropriate online publication the Commissioner’s intent to either withdraw such waiver or maintain such waiver while commencing efforts to establish new or updated security criteria in accordance with subsection (c) or (d), respectively.

“SEC. 214. Benefits for CTPAT program participants.

“(a) Certification.—The Executive Assistant Commissioner shall certify the security measures and international supply chain security practices of all applicants to and participants in the CTPAT program in accordance with section 213(b)(2) and the guidelines referred to in subsection (c) of this section. Certified participants shall be Tier 1 participants.

“(b) Benefits for tier 1 participants.—Upon completion of the certification under subsection (a), a CTPAT program participant shall be certified as a Tier 1 participant. The Executive Assistant Commissioner shall extend limited benefits to a Tier 1 participant.

“(c) Criteria.—Not later than 180 days after the date of the enactment of this subtitle, the Commissioner shall update the criteria for certifying a CTPAT program participant’s security measures and supply chain security practices under this section. Such criteria shall include a background investigation and review of appropriate documentation, as determined by the Commissioner.

“(d) Timeframe.—To the extent practicable, the Executive Assistant Commissioner shall conclude the Tier 1 certification process within 90 days of receipt of a completed application for participation in the CTPAT program.

“(a) Validation.—The Executive Assistant Commissioner shall validate the security measures and international supply chain security practices of a Tier 1 CTPAT program participant in accordance with the guidelines referred to in subsection (c) to validate such participant as a Tier 2 participant. Such validation shall include on-site assessments at appropriate foreign and domestic locations utilized by such Tier 1 participant in its international supply chain.

“(b) Benefits for tier 2 participants.—The Executive Assistant Commissioner, shall extend benefits to each CTPAT participant that has been validated as a Tier 2 participant under this section. Such benefits may include the following:

“(1) Reduced scores in U.S. Customs and Border Protection’s Automated Targeting System or successor system.

“(2) Reduced number of security examinations by U.S. Customs and Border Protection.

“(3) Penalty mitigation opportunities.

“(4) Priority examinations of cargo.

“(5) Access to the Free and Secure Trade (FAST) Lanes at United States ports of entry.

“(6) Confirmation of CTPAT status to foreign customs administrations that have signed Mutual Recognition Arrangements with U.S. Customs and Border Protection.

“(7) In the case of importers, eligibility to participate in the Importer Self-Assessment Program (ISA) or successor compliance program.

“(8) In the case of sea carriers, eligibility to participate in the Advance Qualified Unlading Approval (AQUA) Lane process.

“(c) Criteria.—Not later than 180 days after the date of the enactment of this subtitle, the Commissioner shall develop a schedule and update the criteria for validating a CTPAT participant’s security measures and supply chain security practices under this section.

“(d) Timeframe.—To the extent practicable, the Executive Assistant Commissioner shall complete the Tier 2 validation process for a CTPAT program participant under this section within one year after certification of such participant as a Tier 1 participant.

“(a) In general.—The Commissioner shall establish a third tier of CTPAT program participation that offers additional benefits to CTPAT program participants that are importers or other entity types, in accordance with section 212(b), that demonstrate a sustained commitment to maintaining security measures and international supply chain security practices that exceed the guidelines established for validation as a Tier 2 participant in the CTPAT program under section 216.

“(b) Best practices.—The Commissioner shall provide a best practices framework to Tier 2 participants interested in Tier 3 status and may designate a Tier 2 CTPAT program participant as a Tier 3 participant based on a review of best practices in such participant’s international supply chain that reflect a continued approach to enhanced international supply chain security, including—

“(1) compliance with any new or updated criteria established by the Commissioner under section 213(d) that exceed the guidelines established pursuant to section 216 for validating a CTPAT program participant as a Tier 2 participant; and

“(2) any other factors that the Commissioner determines appropriate that are provided in such best practices framework.

“(c) Benefits for tier 3 participants.—The Executive Assistant Commissioner shall extend benefits to each CTPAT program participant that has been validated as a Tier 3 participant under this section, which, in addition to benefits for Tier 2 participation, may include the following:

“(1) Further reduction in the number of examinations by U.S. Customs and Border Protection.

“(2) Front of the line inspections and examinations.

“(3) Exemption from Stratified Exams.

“(4) Shorter wait times at United States ports of entry.

“(a) In general.—If at any time the Executive Assistant Commissioner determines that a CTPAT program participant’s security measures or international supply chain security practices fail to meet applicable requirements under this subtitle, the Executive Assistant Commissioner may deny such participant benefits otherwise made available pursuant to this subtitle, either in whole or in part. The Executive Assistant Commissioner shall develop procedures, in consultation with Commercial Customs Operations Advisory Committee established under section 109 of the Trade Facilitation and Trade Enforcement Act of 2015 (Public Law 114–125; 19 U.S.C. 4316), that provide appropriate protections to CTPAT program participants, including advance notice and an opportunity for such participants to provide additional information to U.S. Customs and Border Protection regarding any such alleged failure, before any of such benefits are withheld. Such procedures may not limit the ability of the Executive Assistant Commissioner to take actions to protect the national security of the United States.

“(b) False or misleading information; lack of compliance with law.—If a CTPAT program participant knowingly provides false or misleading information to the Commissioner, the Executive Assistant Commissioner, Director, or any other officers or officials of the United States Government, or if at any time the Executive Assistant Commissioner determines that a CTPAT program participant has committed a serious violation of Federal law or customs regulations, or if a CTPAT program participant has committed a criminal violation relating to the economic activity of such participant, the Executive Assistant Commissioner may suspend or remove such participant from the CTPAT program for an appropriate period of time. The Executive Assistant Commissioner, after the completion of the process described in subsection (d), may publish in the Federal Register a list of CTPAT program participants that have been so removed from the CTPAT program pursuant to this subsection.

“(c) National security.—If at any time the Executive Assistant Commissioner determines that a CTPAT program participant poses a significant and imminent risk to the national security of the United States, the Executive Assistant Commissioner may suspend or remove such participant from the CTPAT program for an appropriate period of time. The Executive Assistant Commissioner, after the completion of the process described in subsection (d), may publish in the Federal Register a list of CTPAT program participants that have been so removed from the CTPAT program pursuant to this subsection.

“(d) Right of appeal.—

“(1) IN GENERAL.—The Commissioner shall establish a process for a CTPAT program participant to appeal a decision of the Executive Assistant Commissioner under subsection (a). Such appeal shall be filed with the Commissioner not later than 90 days after the date of such decision, and the Commissioner shall issue a determination not later than 90 days after such appeal is filed.

“(2) APPEALS OF OTHER DECISIONS.—The Commissioner shall establish a process for a CTPAT program participant to appeal a decision of the Executive Assistant Commissioner under subsections (b) and (c). Such appeal shall be filed with the Commissioner not later than 30 days after the date of such decision, and the Commissioner shall issue a determination not later than 90 days after such appeal is filed.

“(a) In general.—The Commissioner may recognize regulatory inspections of entities conducted by other components of the Department of Homeland Security as sufficient to constitute validation for CTPAT program participation in cases in which any such component’s inspection regime is harmonized with validation criteria for the CTPAT program. Such regulatory inspections shall not limit the ability of U.S. Customs and Border Protection to conduct a CTPAT program validation.

“(b) Revalidation.—Nothing in this section may limit the Commissioner’s ability to require a revalidation by U.S. Customs and Border Protection.

“(c) Certification.—Nothing in this section may be construed to authorize certifications of CTPAT applicants to be performed by any party other than U.S. Customs and Border Protection.

“(a) Recertification.—The Commissioner shall implement a recertification process for all CTPAT program participants. Such process shall occur annually, and shall require—

“(1) a review of the security profile and supporting documentation to ensure adherence to the minimum security criteria under section 213; and

“(2) background checks and vetting.

“(b) Revalidation.—The Commissioner shall implement a revalidation process for all Tier 2 and Tier 3 CTPAT program participants. Such process shall require—

“(1) a framework based upon objective, risk-based criteria for identifying participants for periodic revalidation at least once every four years after the initial validation of such participants;

“(2) on-site assessments at appropriate foreign and domestic locations utilized by such a participant in its international supply chain; and

“(3) an annual plan for revalidation that includes—

“(A) performance measures;

“(B) an assessment of the personnel needed to perform such revalidations; and

“(C) the number of participants that will be revalidated during the following year.

“(c) Revalidation under a mutual recognition arrangement.—

“(1) IN GENERAL.—Upon request from the Commissioner, all Tier 2 and Tier 3 CTPAT program participants shall provide any revalidation report conducted by a foreign government under a Mutual Recognition Arrangement.

“(2) RECOGNITION.—The Commissioner may recognize revalidations of entities conducted by foreign governments under a Mutual Recognition Arrangement as sufficient to constitute a revalidation for CTPAT program participation under subsection (b).

“(3) NO LIMITATION.—Nothing in this subsection may be construed to limit the Commissioner’s ability to require a revalidation by U.S. Customs and Border Protection.

“(d) Designated company employees.—Only designated company employees of a CTPAT program participant under section 213(b)(1) are authorized to respond to a revalidation report. Third-party entities are not authorized to respond to a revalidation report.

“The Commissioner shall consider the potential for participation in the CTPAT program by importers of noncontainerized cargoes and non-asset-based third-party logistics providers that otherwise meet the requirements under this subtitle.

“(a) In general.—The Commissioner shall establish sufficient internal quality controls and record management, including recordkeeping (including maintenance of a record management system in accordance with subsection (b)) and monitoring staff hours, to support the management systems of the CTPAT program. In managing the CTPAT program, the Commissioner shall ensure that the CTPAT program includes the following:

“(1) A five-year plan to identify outcome-based goals and performance measures of the CTPAT program.

“(2) An annual plan for each fiscal year designed to match available resources to the projected workload.

“(3) A standardized work program to be used by agency personnel to carry out the certifications, validations, recertifications, and revalidations of CTPAT program participants.

“(4) In accordance with subsection (e), a standardized process for the Executive Assistant Commissioner to receive reports of suspicious activity, including reports regarding potentially compromised cargo or other national security concerns.

“(b) Documentation of reviews.—

“(1) IN GENERAL.—The Commissioner shall maintain a record management system to document determinations on the reviews of each CTPAT program participant, including certifications, validations, recertifications, and revalidations.

“(2) STANDARDIZED PROCEDURES.—To ensure accuracy and consistency within the record management system required under this subsection, the Commissioner shall develop, disseminate, and require utilization of standardized procedures for agency personnel carrying out certifications, validations, recertifications, and revalidations to report and track information regarding the status of each CTPAT program participant.

“(c) Confidential information safeguards.—In consultation with the Commercial Customs Operations Advisory Committee established under section 109 of the Trade Facilitation and Trade Enforcement Act of 2015 (Public Law 114–125; 19 U.S.C. 4316), the Commissioner shall develop and implement procedures to ensure the protection of confidential data collected, stored, or shared with government agencies or as part of the application, certification, validation, recertification, and revalidation processes.

“(d) Resource management staffing plan.—The Commissioner shall—

“(1) develop a staffing plan to recruit and train staff (including a formalized training program) to meet the objectives identified in the five-year strategic plan under subsection (a)(1); and

“(2) provide cross-training in post incident trade resumption for the CTPAT Director and other relevant personnel who administer the CTPAT program.

“(e) Engagement.—In carrying out the standardized process required under subsection (a)(4), the Commissioner shall engage with and provide guidance to CTPAT program participants and other appropriate stakeholders on submitting reports described in such subsection.

“(f) Report to congress.—In connection with the President’s annual budget submission for the Department of Homeland Security, the Commissioner shall report to the appropriate congressional committees on the progress made by the Commissioner to certify, validate, recertify, and revalidate CTPAT program participants. Each such report shall be due on the same date that the President’s budget is submitted to Congress.”.