Global Trade Compliance: How to Play by the Rules

Global Trade Compliance:  How to Play by the Rules

Complex government requirements will create new impacts for many shippers in 2024. Which rules and regulations affect your business, and what steps should you take right now to comply?

Government mandates will impose new responsibilities on many supply chains in 2024. Rules and regulations concerning the environment, human rights, and drug safety will either take effect this year or gain new provisions. To comply, companies will have to capture and process a great deal of data.

Here are four sets of rules and regulations likely to make some of the biggest impact on supply chains in 2024.

1. Uyghur Forced Labor Prevention Act

Under the Uyghur Forced Labor Prevention Act (UFLPA), which U.S. Customs and Border Protection (CBP) started to enforce in 2022, companies may not import into the United States any products with content made by forced labor in China’s Xinjiang province, or products sourced from companies with links to forced labor there.

While the UFLPA is about two years old, CBP keeps expanding its list of companies associated with forced labor, and it keeps sharpening its focus on certain products.

“Going into 2024, I see more fixation on the different sectors within electronics,” says Jamie Wallisch, regulatory and sustainability expert at Assent, an Ottawa-based global firm that helps manufacturers use data to comply with supply chain regulations.

When a company imports a product with materials that CBP considers high risk, the importer must prove that the product doesn’t involve forced labor.

“It’s called rebuttable presumption; it’s like guilty until proven innocent,” says Jerry Peck, vice president of product strategy at QAD, a supply chain solutions provider based in California.

High-risk products include: items that contain certain industrial metals; clothing and apparel; industrial and consumer electronics; automotive parts; and construction and building materials, among others, according to a document published by QAD. And just because a supplier isn’t based in Xiangjiang, or anywhere at all in China, doesn’t mean the import is safe.

“Transshipments come out of China, and go into Malaysia, Thailand, and other countries where they produce the finished goods,” says Peck. Shipments from those countries could also draw scrutiny.

If CBP detains a shipment and the importer can’t prove that it complies with the UFLPA, the government can seize the goods. Even if CBP ultimately clears the import, a shipper that can’t make its case quickly will suffer.

“It’s costly for companies, every single day, to hold their goods until they’re able to provide that evidence,” Wallisch says.

A company needs to lay the groundwork for UFLPA compliance long before goods go on the water.

“First, become educated on what the forced labor requirements are,” suggests Peck. “Then include those as part of your corporate ESG [environmental, social, and corporate governance] program.”

Next, analyze overseas suppliers and their products to determine which ones might pose a risk under UFLPA. When you identify such a product, you need to trace it back to its raw materials, gathering proof that there’s no forced labor in the supply chain.

“You have to assume that your shipment will be selected for detention and have that rebuttable evidence prepared in advance of the importation,” Peck says.

Some of the evidence may come from publicly-available sources such as news articles, reports from non-governmental organizations, and corporate tax records. A shipper should also press suppliers for information: “How are they dealing with concepts of forced labor? What is their process for validating or onboarding their tier one and tier two suppliers?” Peck says.

Assent monitors publicly-available information on behalf of customers, and it administers a survey called the Slavery and Trafficking Risk Template to gather information from vendors.

QAD, through its supplier relationship management solution, also helps importers administer questionnaires. “You have to vet your suppliers and their supply chain—everyone who’s touching those goods,” Peck says.

2. European Union Deforestation Regulation

To facilitate compliance with the EUDR, Source Intelligence offers software that identifies risks to ensure suppliers, parts, and products meet core compliance obligations and uncovers possible exposure to suppliers engaged in human rights violations.

Manufacturers, distributors, and retailers that operate in the European Union will soon have to prove that their products aren’t complicit in stripping the world of trees. The European Union Deforestation Regulation (EUDR) takes effect at the end of 2024 for large companies and in June 2025 for small and mid-sized ones.

The EUDR covers seven commodities—timber, beef, palm oil, soy, coffee, cocoa, and rubber—plus certain products derived from those commodities, such as leather, chocolate, and furniture.

Any company that sells a product covered by the regulation will need to: gather information on that product; assess the risk that it has contributed to deforestation; take steps to mitigate that risk; and place a statement about these efforts in an information system developed by the European Union.

The information a company collects must first show that the commodity was sourced legally, and that it doesn’t involve any human rights violations.

“The second part is to obtain geolocations for where your commodity was grown or harvested,” says Charles Getter, sustainability consultant at Source Intelligence, a San Diego-based firm whose software and services help supply chains comply with government regulations. “You need to be certain that that particular plot of land had not been subject to deforestation.”

Responsibility to comply with the EUDR runs up and down the supply chain. But, luckily, the law doesn’t force each trading partner to perform due diligence from scratch if another supplier has already completed that function.

For example, a supermarket chain whose products include thousands of packaged foods made with soy can check to see if food processors or distributors have already performed due diligence on those products. “If so, you can just quote the reference number associated with that statement,” Getter says.

To prepare for the EUDR, first determine whether you already use a due diligence management system to comply with other government rules, such as the EU Timber Regulation. If you don’t have such a system, start planning to implement one, and start gathering data to populate the system. “You might discover that you don’t exactly know where a lot of your products are coming from, or the legality around your products,” Getter says.

In addition, study the EUDR, particularly Annex I of the regulation, which lists the Harmonized Tariff Schedule (HTS) code of all commodities the law covers.

It’s also important to pinpoint exactly where products were produced—where the soybeans were grown, for example, or the cattle grazed. Source Intelligence uses these geolocations, plus high-resolution satellite imagery provided by the EU, to look for signs of deforestation.

“We can check for conversion of forest to agricultural land by applying designations to satellite imagery and mapping land use,” Getter says.

Thanks to its automated processes, Source Intelligence can quickly conduct due diligence and risk assessment for products that originate in hundreds of locations. “We can check commodities and the legality around them, and get almost instant verdicts on whether or not deforestation was detected on that plot.”

3. Drug Supply Chain Security Act

The final phase of the Drug Supply Chain Security Act stipulates that pharmaceutical products in the United States must be electronically traceable at all times in the future, not only at batch level but also at package level. (Photo: ©Arvato)

Since 2013, the Drug Supply Chain Security Act (DSCA) has required all parties from manufacturers to pharmacists to track and trace prescription drugs and certain prescription medical devices throughout the entire supply chain.

Currently, companies can use paper-based systems and capture data on products at the lot level. But starting in November 2024, they will need to use electronic systems to collect, store, and share their data, and each product will need to carry a unique serial number at the lowest unit of sale.

Congress designed the DSCA to prevent drug counterfeiting and theft and to make it easier to recall drugs when necessary.

“It allows the supply chain to have visibility of a drug as it moves throughout the supply chain,” says Andre Caprio, director of business development, pharmaceutical and health care at Covectra, a company in Westborough, Massachusetts that provides serialization, tracking, and tracing solutions.

When the new requirements take effect, each case, vial, or other sellable unit will carry a two-dimensional barcode with data such as the product’s name and dosage, a lot number, expiration date, and a unique serial number.

Each entity in the supply chain must capture that data and store it for at least six years. Say, for example, that manufacturer Pfizer ships a product to a distributor. “Pfizer sends an electronic file that says, ‘I’m shipping 10 units of this particular product. Here are the serial numbers,” Caprio says. Receiving the product and data, the distributor verifies that they match.

“As they push that product downstream, they need to send the same information to the downstream partner, which needs to receive and store that data as well,” he adds.

Most companies in the drug supply chain are still working to comply with the new requirements, Caprio says. One key step is to implement a DSCSA compliance technology solution from Covectra or another provider. The company also needs to collaborate with its suppliers and customers, creating links that will allow them to share data.

Even before choosing a solution, a company should reach out to the Healthcare Distribution Alliance (HDA), an industry organization that includes panels for pharmacies as well as distributors. “The HDA is the best neutral resource for a company to get insight on DSCSA,” says Caprio. Companies may also get valuable advice from peer organizations.

4. SEC Climate Disclosure

Since March 2022, the U.S. Securities and Exchange Commission (SEC) has been preparing to release a new set of rules that will require publicly traded companies to report how they are managing their climate risk, and also report on their greenhouse gas emissions. While the plan could face further delay, the SEC expects to release the new rules in April 2024.

Once that happens, companies will have between one and three years to comply, depending on what’s known as their “filer status” at the SEC, says Deon Glaser, senior vice president of sustainability, social impact and ESG at The Uplift Agency, a social impact and sustainability services firm based in Detroit.

The main point of the rules is to give investors information they can use to assess, for example, how climate-driven events such as floods or wildfires might affect a company’s operations, or how much carbon the company releases through its activities.

“Investors have demanded that companies report this information,” says Mark Mellen, industry principal, ESG at Workiva, a company in Ames, Iowa that provides a cloud-based compliance reporting platform. “They want the same caliber of disclosure from organizations that they see for financial statements.”

The proposed rule divides greenhouse gas emissions into three categories:

• Scope 1: Direct emissions, such as the carbon released in a manufacturing process.
• Scope 2: Indirect emissions from purchased services such as electricity, heat, and cooling.
• Scope 3: All other emissions linked to the company’s activities, including its supply chain.

It’s not yet clear whether the SEC will include Scope 3 in the final rules. If it does, then companies will have to take a hard look at their supply chains to estimate how components, materials, or finished goods they buy contribute to emissions, both when these items are made and when they’re transported.

Just like companies affected by the UFLPA or the EUDR, companies may need to gather information from several tiers’ worth of suppliers. Fortunately, those suppliers—if they are publicly-traded in the United States—will be doing their own research. “They need to follow the same process that you are with them, with their own suppliers,” Glaser says.

To get ready for compliance, companies should first set up a governance structure. “Get the right teams together within the organization,” says Mellen. Many companies have already created such structures to comply with other sets of rules and regulations, such as those focused on conflict minerals.

Workiva offers technology to support this kind of cross-functional collaboration, helping teams assemble data and create reports, Mellen says.

Many companies already calculate their climate risk and emissions so they can comply with rules from other jurisdictions, such as California or the European Union. But those who haven’t made that move should start right away.

The first step is to study how the SEC’s rules, and other climate disclosure rules, apply to the company’s situation. Then figure out which requirements the company is not already equipped to meet, and map out how to get into compliance. “We do that all the time with our clients, to help them understand what their existing capabilities are and where they will need us to help—what gaps to fill.”


Gateway to Delays

Thousands of Porsche, Bentley, and Audi finished vehicles were reportedly impounded at several U.S. ports in mid-February 2024 due to allegations that the vehicles were manufactured using Chinese subcomponents called gateways that breach U.S. anti-forced labor laws under the Uyghur Forced Labor Prevention Act (UFLPA).

As automakers struggle to find parts that are in compliance with UFLPA, they face backlogs that will likely extend the current expected delivery delays, putting revenue and reputation at risk.

Jena Santoro, senior manager of intelligence solutions at Everstream Analytics, which has been tracking this situation, shares some key points:

1,000 Porsche sports cars and SUVs, several hundred Bentleys, and several thousand Audis were impacted.

• A vehicle gateway is a crucial component in modern automotive manufacturing as it facilitates communication and data exchange between different networks or systems within the vehicle. Without it, a vehicle’s electronic control units operate independently and much less effectively. More importantly, gateways also fortify against cybersecurity issues, and are critical in the development of autonomous vehicles that rely on advanced data exchange and safety protocols.

Though the vehicle manufacturers are now working diligently to replace the parts with those that are in compliance with U.S. laws, delivery delays to dealerships, and therefore to customers, are expected at least until the end of March.

Depending on the complexity of the vehicle concerned, the part can be replaced within between 30 minutes to several hours. The issue, however, is identifying alternate sources of reliable product that will not be found in violation of the UFLPA, and procuring them quickly.

Luckily, the landscape for global automotive central gateway manufacturing is highly competitive and not as centralized regionally like some other automotive components, such as semiconductors.

In this case, the supplier found in violation of forced labor was farther down the sub-tier automotive supply chain. As such, it will take time to verify that alternate product suppliers do not have the same vulnerabilities in their extended networks. As seized vehicles mount at U.S. ports of entry, automakers will be faced with backlogs that will likely extend the current expected delivery delays.