DEVELOPING A RISK MANAGEMENT SYSTEM FOR PARTICIPATING GOVERNMENT AGENCIES OF INDIA POLICY LESSONS IN TRADE FACILITATION DESIGN

vii EXECUTIVE SUMMARY viii I. IMPORTANCE OF RISK-BASED CLEARANCES FOR IMPROVED TRADE FACILITATION 1 II. EVOLUTION OF ELECTRONIC DATA INTERCHANGE AND RISK MANAGEMENT SYSTEMS IN INDIA 3 III. DEDICATED PLATFORMS AND RISK MANAGEMENT SYSTEMS FOR PARTICIPATING GOVERNMENT AGENCIES 4 IV. CURRENT RISK MANAGEMENT SYSTEMS OF PARTICIPATING GOVERNMENT AGENCIES 5 V. RISK FACTOR ANALYSIS FROM THE PERSPECTIVE OF PARTICIPATING GOVERNMENT AGENCIES 6 A. Risk Factor 6 B. Indicative Principles of Risk 6 C. Risk Application 6 VI. RISK FACTORS FOR EFFECTIVE RISK MANAGEMENT 6 A. Common Risk Factors 6 1. Product 6 2. Country of Origin 7 3. Importer 7 4. Broker 7 5. Quantum of Imports 7 6. Assurance 7 7. End Use 7 B. Agency-Specific Factors 8 1. Manufacturing Company or Unit 8 2. Exporter 8 3. Quality of Assurance 8 4. Color and Design 8 5. Products Requiring Temperature Control 8 iv | ADB South Asia Working Paper Series No. 84 VII. DESIGNING AND EXECUTING A RISK MANAGEMENT SYSTEM FOR PARTICIPATING GOVERNMENT AGENCIES IN INDIA 9 VIII. DEVELOPING AN INFORMATION TECHNOLOGY SYSTEM FOR PARTICIPATING GOVERNMENT AGENCIES 10 A. Digital Framework 10 B. Database Development 10 C. Application of Risk Principles 11


EXECUTIVE SUMMARY
Trade facilitation is increasingly recognized as a critical building block of the overall objective of developing globally integrated value chains. As tariff barriers are lowered, the procedural and regulatory aspects that impede or add costs to moving goods across borders are seen as the key area of reform. The World Trade Organization Trade Facilitation Agreement, February 2017 underlines this importance.
While customs departments are the primary gatekeepers of the entry and exit of goods at the border, other agencies such as food and pharmaceutical regulators, quarantine departments, and wildlife protection enforcement also play a role in clearance of goods associated with their domain. These participating government agencies (PGAs) have their own procedural requirements for scrutiny and clearance of goods, independent of the customs-specific procedures.
Trade facilitation reforms, therefore, cannot just focus on customs procedures and systems, but must extend to addressing procedural inefficiencies and systemic deficits in PGA processes and systems as well. For example, adoption of digital clearance systems that reduce the need for human interface and application of system-driven risk management principles that minimize the discretion that the individual officer needs to exercise has driven speed, efficiency, transparency, and predictability of custom clearances in many countries across the world.
Using the Indian example, this working paper underlines that similar adoption of digital systems and risk management principles needs to happen for the PGAs as well. Otherwise, the relative inefficiency of PGA-related clearances will result in delays and transaction cost escalation even if the customs part of the clearances is done efficiently.
Given that different PGAs have different regulatory priorities and perceptions of what constitutes risk (in the context of their discrete regulatory mandates), developing systems and risk management principles for them requires close familiarity with the specific regulatory domains and objectives of each PGA.
A detailed overview of the regulatory mandates of India's food and drug related regulators, animal and plant quarantine, wildlife protection agency, and textile product regulator, and an analysis of their existing processes and risk assessment criteria reveal several shortcomings of the current systems.
The reason that Indian and many other developing country PGAs fall short of the standards set by their more advanced counterparts is due to the inability to use a comprehensive array of risk factors and application of appropriate risk principles associated with them. Using a comprehensive set of risk factors, and adopting a relatively sophisticated approach to applying these risk factors ensure that only those imports that pose significant risk are selected for further scrutiny, thereby minimizing delays and allowing focused use of enforcement resources.
Best practices of PGAs in the United States of America, Australia, and the European Union clearly show a very comprehensive understanding of both the nature of risk associated with risk factors and the risk principles that are applied. However, the ability to use such an expanded array of risk factors peculiar to these PGAs is dependent on the PGA being able to access the relevant data for such risks. It also requires PGAs to maintain their own historical digital database. Indian PGAs currently do not have their own advanced digital clearance systems or a dedicated digital database.
Using illustrative examples, this working paper presents the specific system development needs for six major Indian PGAs and then provides a model for developing a comprehensive system of risk management. It also discusses the need for institutional cooperation between customs and the PGAs for effective implementation of a comprehensive single window trade facilitation solution.
While the paper is set in the Indian context, the discussion is relevant to many developing countries in Asia, and potentially provides a basic roadmap to trade facilitation reform for PGAs across the region incorporating best practices in risk management principles and technology adoption.

I. IMPORTANCE OF RISK-BASED CLEARANCES FOR IMPROVED TRADE FACILITATION
1.
Globally, applied tariffs have seen significant reduction over the last 25 years. Tariffs have remained quite stable in the recent past with tariff protection prevalent only in certain sectors in a limited number of markets.

2.
However, cross-border movement of goods is subject to a wide cross section of regulations at the border that go beyond tariffs. In addition to customs and revenue-related requirements, goods need to comply with regulations that provide legitimate safeguards against importation of products that are either of poor quality or pose a risk to human, plant, and animal health, or the environment.

3.
Over the last 2 decades, most countries have imposed an increasing number of such nontariff technical measures that regulate the quality of imports in order to safeguard consumer health and safety and protect environment, plant, and animal health.

4.
While the intent of such nontariff technical measures is often not to act as barriers to trade, their enforcement does impose significant compliance burden on businesses, besides leading to delays and inefficiencies in the clearance process. As a result, these measures effectively act as barriers. If the quality of enforcement of these measures at the border is poor-with overdependence on officer discretion and lack of transparency and predictability-it adds to the transaction costs of trade.

5.
It is thus important to address these issues from the perspective of trade facilitation which necessitates a risk management system (for faster clearance of goods) along with effective regulatory enforcement of trade. Moreover, a critical learning from the COVID-19 pandemic has been that there is a dire need to do away with physical checks and processes and move to a digital system of clearances.

6.
The World Trade Organization (WTO) Trade Facilitation Agreement (TFA) negotiations, therefore, addressed the multidisciplinary nature of regulations at the border, beyond customs and revenue-related compliances. The agenda of the agreement was not only limited to just the simplification, modernization, and harmonization of customs procedures related to exports and imports, but also extended to other agencies responsible for the enforcement of quality, health, and environmental regulations at the border. The TFA, entered into force on 22 February 2017, contains provisions for effective cooperation between customs and other appropriate authorities including participating government agencies (PGAs) that have a role in regulating clearance of goods at the border.

7.
Reforms that lead to simplification of paperwork and modernization of procedures can significantly reduce the cost and time needed to export and import goods. This is critical because such trade costs can be equivalent to a 134% ad valorem tariff on a product in high-income countries and a 219% tariff equivalent in developing countries. 1 8.
One of the most important interventions leading to simplification and procedural efficiency is digitalization of manual processes and the associated elimination of a paper trail. Customs administrations in a majority of countries have transited from largely paper-trail based manual processes to electronic platforms.

9.
Having a digital data interface brings in an additional benefit. Digital information can be subjected to algorithms that map past behavior and observe patterns to pinpoint risks. This process of pinpointing risks forms the basis of risk management systems (RMS).

10.
An RMS also helps in smart and effective deployment of personnel. With increasing volumes of trade, it is obvious that it would not be possible for regulatory authorities to check each and every consignment. With an RMS in place, only those consignments representing significant risks are flagged for greater scrutiny. Such targeted scrutiny ensures that a large majority of consignments is cleared without delay, and even the ones that are identified as risky are cleared faster because adequate number of personnel is available to focus on a smaller number of consignments. Thus, it is important to ensure that an RMS is adopted to maintain a balance between timely clearances of goods and effective regulatory enforcement of trade.

11.
Recognizing the importance of such risk prioritization principles in balancing the needs of proper enforcement and screening of goods with the need for facilitation, Article 7 of the TFA identifies the adoption of RMS as a key step toward facilitation. According to the WTO TFA, the principles of risk-based selectivity must apply to all PGAs, including customs. This principle is reiterated in Paragraph 4.3 of Article 7, which clearly indicates that the risk management system may be applied beyond the realm of customs. It states, "Each Member shall concentrate customs control and, to the extent possible other relevant border controls, on high-risk consignments and expedite the release of low-risk consignments." 2 12.
Given this focus on RMS, most of the world's customs administrations have transited to digital platforms and adopted some form of risk-based prioritization (i.e., RMS) that identifies specific shipments for further inspection and scrutiny while a majority of shipments are cleared without further processing.

13.
However, many of the PGAs responsible for the enforcement of quality and protection of human, animal, and plant health, and environment at the border still maintain manual systems. Dependent on paper trails and lacking the digital means of collecting historical data for applying risk algorithms, they are unable to develop meaningful RMS.

14.
This paper emerges out of an Asian Development Bank (ADB) project that supported the six main Indian PGAs to comprehensively assess their approach to clearance of goods, and developed a systemic response for improvement that included the development of dedicated information technology (IT) platforms for clearances and putting in place effective RMS. 3 These IT platforms and RMS would be part of the overall architecture of the existing integrated national single window ecosystem.

15.
While the discussions in this paper emerge out of this Indian experience, they have rich policy lessons for other administrations seeking to develop effective RMS for their PGAs, including the relevant IT system solutions to support such RMS development. Sections I-III discuss the RMS framework applicable to export-import (EXIM) regulations, the current Indian ecosystem of RMS, and the associated IT architecture. Sections IV-VI analyze the shortcomings in the current approach to achieving the objective of facilitating trade while ensuring that regulatory obligations are applied transparently. Sections VII-VIII propose a solution for RMS design and associated IT platform development that emerges from ADB's work with the key Indian PGAs involved in EXIM clearances. The project was undertaken under the ADB Logistics Technical Assistance titled "Supporting Logistics Sector Development". ADB engaged with six PGAs: Animal Quarantine, Plant Quarantine (PQ), Food Safety Standards Authority of India (FSSAI), Central Drugs Standards Control Organization, Wildlife Criminal Control Bureau, and Textiles Committee. Since FSSAI and PQ had their own system, they did not need additional support in design and implementation of digital platforms. ADB has also supported the development of RMS design for all PGAs.

18.
The Indian Customs EDI System (ICES) was adopted in 1994, extending coverage across different gateways (i.e., ports, airports, and land ports) in a phased manner. By 2010, most of India's gateways had ICES facilities. With an EDI system in place, Indian customs started to implement its import RMS in 2006, and initiated the roll-out of its export RMS in 2013.

19.
The different PGAs continued with their manual processes without any integration with the customs digital platform. This changed in March 2015 with the launch of the Single Window Interface

16.
Beginning the 1980s, customs organizations across the world started to adopt electronic platforms and move toward electronic declarations and collection of data. Availability of electronic data interchange (EDI) systems, in turn, allowed customs administrations to start implementing risk management strategies in identifying shipments that represented a greater risk, and thus limiting the number of physical inspections or detailed documentary scrutiny.

17.
Over the last 2 decades, the RMS framework has emerged as the core component of the EXIM regulatory systems of the European Union (EU), Southeast Asia, and East Asia. Customs administrations in countries like Singapore and the Republic of Korea are well known for their sophisticated RMS. Figure 1 summarizes the comprehensive framework for risk management which is common to all robust RMS used by regulators worldwide.
Defining what are we protecting against. For e.g., risk to the life or health of humans, animals, and plants in case of EXIM of food products, drugs, etc.
Source of risk through various selectivity criteria, including HSN codes, nature of goods, country of origin, manufacturer, trader, etc.
Defining a matrix of risk importance depending on the type of product/ agency for EXIM. For e.g., manufacturer is an important risk parameter for food safety whereas for textiles fibre, type might be crucial.
Define risk treatment options depending on the matrix of risk importance from high, medium to low risk. for Trade (SWIFT), an electronic platform developed by Indian customs to improve clearance process coordination with PGAs (Appendix 1). While SWIFT does allow digital clearance for PGAs, it has certain shortcomings that prevent PGAs from digitizing the business processes (that is, clearance-related activities, documentation, and information flow) and developing their own dedicated RMS.

20.
For PGAs to develop a comprehensive RMS, they need a dedicated database that (i) captures data relevant to their risk prioritization needs, (ii) captures additional information from importers above and beyond what is made available in standard customs declarations, and (iii) supports the development of algorithms for risk identification and prioritization.

21.
This is possible only if the PGAs develop their own dedicated platforms that are connected with the customs system where much of the information is filed in the form of declarations by importers and exporters.

22.
Seamless connectivity and data transfer will allow different systems to work together to provide a "single window" experience, while also ensuring that all regulators, and not just customs, have full visibility of the data relevant to them. Historical databases can then be developed to reflect trade patterns and compliance behavior trends which can then be analyzed to inform risk prioritization algorithms.

23.
While the Indian customs has developed a mature RMS, which has greatly improved trade facilitation and ease of doing business, the other PGAs are yet to develop sophisticated RMS based on a CDSCO approves drugs conducts clinical trials, lays down standards for drugs, controls quality of imported drugs and ensures uniformity in the enforcement of the Drugs and Cosmetics Act.
TC ensures the quality of textiles and textile machinery for internal consumption and export purposes. Responsible for matters related to classification of textiles and clothing articles in India.

Textile Committee
Plant Quarantine Animal Quarantine WCCB PQ prevents the entry, establishment, and spread of exotic pests in India, facilitating export certification of plants and adopting safe quarantine practices.
AQ prevents the entry of diseases into the country through imported livestock products and ensures health and safety of animal and human life.
WCCB regulates import, export, and reexport of animals and plants that are permitted, subject to the provisions of CITES and EXIM Policy.
FSSAI sets standards for food items and regulates manufacture, storage, distribution, and import; ensures availability of safe food for human consumption. comprehensive assessment of risk factors and subsequent application of risk principles in their processes. There are six main PGAs responsible for live clearances in India-Animal Quarantine, Plant Quarantine, Food Safety Standards Authority of India (FSSAI), Central Drugs Standards Control Organization (CDSCO), Wildlife Criminal Control Bureau (WCCB), and Textiles Committee ( Figure 2). 4 At present, the system of risk management in these agencies is either nonexistent or rudimentary, causing delays in facilitation and cargo clearance.

24.
Under the current system, the PGA officer receives a digital alert from customs system whenever a shipment is referred to them for clearance. The PGA officers can log into the customs platform and retrieve the customs declaration data and initiate the clearance process. 5

25.
The customs RMS identifies specific shipments to be referred to each PGA based on the risk assessment criteria provided by them. The current structure of risk assessment remains rudimentary, and the lack of dedicated databases owned and managed by the PGAs stymies further effort at sophistication. This crucial aspect is addressed through the system design suggested in this paper (section VII).

26.
A review of the systems of risk management currently followed by the six PGAs reveals several fundamental shortcomings (Table A2).
(i) The PGAs take only a few risk factors into consideration. Risk factors are limited to just nature of product, origin of the product, and the compliance record of the importer. For example, the PGAs do not consider the producer/exporter among risk factors. In countries like Australia and the United States (US), the producer/exporter is a critical element to mapping risk. It is the producer/exporter who is responsible for ensuring quality and mitigating risk in the product, and past record of compliance of the producer/exporter is, therefore, a good measure of predictability. Similarly, importers who are seen to be less compliant or show wide variation in terms of products being imported, origin countries, or ports of entry used, could be put in the high-risk category. This feature can be developed, and once history is built, subsequently activated. The RMS, therefore, must have the capability to measure and assess several different risk factors that might be of interest to the relevant PGA to more efficiently target shipments. It is not essential for all risk factors that the system is designed to capture to be always applied in the risk assessment methodology. But the fact that the system has the capability to apply all of these risk factors means that they can be activated as and when a PGA feels the need. In fact, some risk factors might even be used for risk assessment only temporarily, triggered by certain risky events. (ii) A PGA cannot verify how its risk assessment criteria are being applied by the customs RMS. The PGA has no way of cross-checking whether the consignments referred to it by the customs RMS meet its risk assessment criteria with no errors of inclusion or exclusion. (iii) A PGA gets data on only those shipments that are referred to it by customs. In the existing system, the customs do not provide data on all shipments with Harmonized System of Nomenclature codes under the PGA's jurisdiction but only for those consignments that are flagged for scrutiny. This limits the PGA's ability to develop its own database for risk identification and management, or apply analytics to refine its risk principles.

27.
Appendix 2 provides a detailed discussion of the existing RMS methodology of the six PGAs. Section V discusses a more robust and scientific RMS architecture for PGAs, based on additional risk factors drawn from the best practices in advanced economies like the US, Australia, and EU.

28.
As mentioned earlier, the risk perspective of different PGAs depends on the nature of product that they regulate trade in. The risk posed to human health and safety from wearing a ready-made garment is very different from that posed by the consumption of a food or pharmaceutical product. Similarly, the risk of infestation by foreign plant or animal species is different from the environmental risk of illegal wildlife trade. Before delving into that analysis, however, it is important to explain the three building blocks of risk assessment-risk factor, indicative principles of risk, and risk application.

A.
Risk Factor

29.
Risk factor is the source of the risk. For example, certain origin countries might be riskier than others, or certain products might be considered safer than others. So, origin and product are examples of risk factors.

B.
Indicative Principles of Risk

30.
A risk factor might have different indicative risk principles associated with it. For example, a product might be considered riskier because it has historically been prone to pathogens, or because it has a complex and precise manufacturing process which needs to be verified stringently for quality. A food product that is processed or cooked is less likely to pose a health risk than if it is raw. Certain products are more likely to have been smuggled by wildlife poachers. In other words, the same risk factor (say, product risk) might have different types of risks associated with it, i.e., indicative principles of what defines that risk.

C.
Risk Application

31.
Risk application refers to the practical rules by which a particular risk principle can be managed. For example, a product with a tendency to harbor more pathogens might be subject to 100% inspection, irrespective of origin. Alternatively, regulators could choose to reduce interdiction to only 50% (randomly selected) inspection if the product came from more trusted origin countries. The application of risk principles can be based on a departure from pattern; for example, if the quantum of import of a product suddenly increases, levels of scrutiny and interdiction rates might be increased.

32.
It is important to note that despite the differences in risk principles in different domains, certain common indicative risk factors drive the management of risk. It is important to first discuss these common risk factors and illustrate with examples how these factors apply to the different PGAs.

VI. RISK FACTORS FOR EFFECTIVE RISK MANAGEMENT
A.
Common Risk Factors

33.
The nature of the product can pose a risk to the health and safety of humans, environment, wildlife, flora, and fauna. However, the indicative principles of product as source of risk and its application vary across PGAs. A detailed exposition of product risk with respect to food and related products, livestock and livestock products, plants and plant materials, textiles including fabrics and dyes, drugs, and endangered and protected species is provided in Appendix 3, section A.

2.
Country of Origin

34.
A country could be considered a less credible or safe source for particular goods for a variety of reasons. It could be prone to certain diseases or viruses, or have less robust quality control systems, or suffer from seasonal pest infestations. The principles and application of origin as a risk factor vary across PGAs (Appendix 3, section B).

35.
The historical record of an importer in terms of compliance with rules, regulations, and applicable laws is one of the defining elements of risk management globally. In India, FSSAI consider previous history of the importer its primary risk factor. It is important to note that many countries have adopted some form of a "trusted trader program" where importers who meet certain criteria are categorized as posing minimum risk. Globally, customs administrations have adopted the Authorized Economic Operator (AEO) program guided by the overall international AEO framework developed by the World Customs Organization (WCO) in 2011. However, PGAs have been slow to adapt this program to their specific needs in most countries, including India.

36.
Customs brokers, also known as customs house agents (CHAs) act on behalf of importers and exporters and undertake the customs clearance processes for them. Since they deal on behalf of importers, they are an important element in any import risk assessment framework. Moreover, a CHA could transact on behalf of several importers at a time. Hence, it is even more important to capture the wider canvas of risks posed by a CHA willing to bend the rules or bypass regulations and laws. Therefore, a CHA's record of compliance and violations is an important risk factor.

5.
Quantum of Imports

37.
A single large import consignment (either in volume or value terms) represents a higher degree of risk given their relative importance in the overall quantum of imports of that product. Thus, such relatively large shipments could be subject to greater scrutiny. Sudden increase in quantum of imports by an importer or from a particular source, i.e., a change in pattern could also be considered a risk factor.
An assurance is a guarantee that risks from the import of products have been mitigated or that there is absence of risk from imports. In order to mitigate product risk from an exporting country, certain assurances are required by each PGA in India, although their application varies across agencies (Appendix 3, section C).

39.
End use is defined as the final use to which imported products are put. Imports can be categorized into those intended for consumption, for use as inputs for manufacturing, as samples for testing, or for use in research and development. An item for human consumption or an ingredient for an item to be used for human consumption requires far more stringent care to manage risk, as opposed to items that would not be used for human consumption; for example, table salt vs. salt for medicinal or other uses. Similarly, imports of research samples could be accorded a lower risk status as opposed to those meant direct consumption.

B.
Agency-Specific Factors

40.
The above listed risk factors are generic, i.e., are relevant for all PGAs, albeit with some variation in the specific indicative principles of risk and their application by the different PGAs. There are, however, other risk factors that are less generic, which tend to be extremely important for some PGAs while not so for others. Let us discuss them.

1.
Manufacturing Company or Unit

41.
A major risk factor that food and drug regulators and regulators of manufactured consumer products like toys and textiles must account for is the product's manufacturing unit/company. A manufacturer and more specifically the manufacturing unit's record of compliance with quality, health, and safety standards reflects the degree of care and quality control exercised (Appendix 3, section D).

42.
In the case of quarantine (animal and plant), the main risk emanates from the exporter since manufacturing is not a key activity in the case of livestock and plant and plant materials. An exporter's compliance history could be used to determine the risk application, with past record of noncompliant behavior attracting higher levels of scrutiny.

3.
Quality of Assurance

43.
All PGAs depend on private third-party institutions or public entities in origin countries to issue certificates guaranteeing conformity with an importing country's requirements. Wherever the risk management depends on phytosanitary (or other) certificates that indicate specific risk mitigation actions, the credibility of these certificates is a key determinant of risk. Thus, a past record of pest-, disease-, or pathogen-detection despite requisite phytosanitary certification plays an important role in informing risk assessment. Imports originating in countries whose phytosanitary (or other) certificates have been less credible are subjected to greater scrutiny. Quality of assurance, therefore, is important for plant and animal quarantine authorities as also in the case of food safety or textile regulators.

4.
Color and Design

44.
Colors that are more likely to contain toxins or heavy-metals or designs that could be potentially hazardous-for example, they include too many metal objects-represent specific risks for textiles regulators.

5.
Products Requiring Temperature Control

45.
Perishable products and pharmaceutical products requiring temperature control represent a specific risk since they could have been spoiled or rendered toxic due to poor management and handling during transit. Neither the manufacturer/exporter nor the importer is responsible or aware of events during transit. The assurance of quality can be only tested for once the consignment lands in the importing country.

46.
The above discussion on risk factor analysis from a PGA perspective draws from existing practice in the US, EU, and Australia. It provides a comprehensive understanding of the critical building blocks of risk factors, their application, and their potential information sources. Table 1 compares the risk factors applied by Indian PGAs to a common maximum list of those applied by their counterparts in the US, Australia, and member states of the EU. Table 1 thus illustrates the potential range of risk factors that can be used to develop a system of sophisticated risk identification and prioritization. In essence, the gap between current Indian practice and international practice (as captured in Table 1) underlines the need for Indian PGAs to re-assess and refine their risk assessment frameworks by integrating many more risk factors. Similar gaps would, no doubt, be visible if these risk factors applied internationally (as listed in Table 1) were to be compared with the those applied in other developing economies in Asia.
Source: Study team analysis.

47.
Section VII builds on this discussion to suggest a way toward developing an advanced risk management system for PGAs in India.

48.
The key to any RMS development is access to data that allows the application of risk principles. Our earlier discussion on the risk factors and the indicative principles differentiates between common risk factors and the PGA-specific ones. This distinction also has significance in terms of data availability for the application of risk principles in the Indian context.

49.
All information (i.e., data fields) related to five of the seven common risk factors (i.e., product, origin, importer, broker, and quantum of imports) is captured in the customs declaration (bill of entry). Assurance related information is separately filed with the PGA by the importer or their agent, in some cases manually. End use is the only common risk factor information that is not being formally filed with either customs or the PGAs in the current Indian system.

50.
Information on the PGA-specific risk factors (discussed in section VI-B) is not available from the customs declaration. In some cases, though, the information might already be available with the PGA; for example, CDSCO already has the list of registered pharmaceutical manufacturing units outside India, but this database remains in a separate information silo and, therefore, its systemic use and application remains discretionary rather than being part of a systemic process.

51.
Therefore, for a more advanced RMS, the following need to be developed: (i) a digital framework for the collection of relevant and complete information for the risk factors, and not just those available in the customs declaration; (ii) a database where this information will be stored; and (iii) a framework for comprehensively defining the risk principles associated with each risk factor and its application framework. Needless to say, the application framework has to be dynamic, based on changing risk perceptions and new data presenting new scenarios. Let us discuss each of these three elements, and specific interventions related to them in the Indian context.

VIII. DEVELOPING AN INFORMATION TECHNOLOGY SYSTEM FOR PARTICIPATING GOVERNMENT AGENCIES
A. Digital Framework 52. The first step toward building an RMS is to develop a mechanism through which all data relevant to mapping risk factors can be collected in a digital format and subjected to analytics. In the case of PGAs, this would mean not only collecting the data filed in the customs declaration but also that related to PGA-specific risk factors (not available in the customs declaration). To achieve this, the IT system for PGAs would need to be such that (i) through integration with the customs system, it fetches all the relevant risk factor-related data fields from a customs declaration; (ii) it is integrated with PGAs' own standalone databases, where risk factor-related data points might be available-for example, data on all the pharmaceutical manufacturing units across the world that are registered with CDSCO; (iii) it provides for an importer or their agent to fill information related to PGA-specific risk factors in a declaration format to collect this data digitally, backed by documentation that is also preferably filed electronically; (iv) it converts risk factor data available in physical documentation (nondigital format) into digital data-for example, in a veterinary certificate, it links the name of the specific third-party certifying agency or national regulator to the line item of import to which the certificate applies.

53.
The IT system needs to be backed by a comprehensive database storing risk-relevant data in one place, thus making it available for application of risk principles for analysis. A key challenge in the Indian context is that customs does not share data with PGAs for all consignments under that PGAs jurisdictional mandate, 6 but for only those that are flagged for scrutiny. Thus, the first step toward database development is to ensure that 100% of the customs declarations data for all products that fall within the jurisdictional mandate of a PGA are shared with it.

54.
The database management system would need to adequately reflect the indicative risk principles associated with the risk factor for the PGA in question. For instance, the countries of origin considered safe (say, from azo dyes) in the Textile Committee's database would be different from the Animal Quarantine database which would also have multiple lists of "safe and unsafe" origins, depending on the product. The Animal Quarantine lists are also likely to be more dynamic as diseases or pests can quickly spread into a previously safe country.

55.
Database development would involve integrating the history of compliance related to the risk principles for each risk factor. It should record every instance of noncompliance, identifying the product, origin, manufacturer, importer, and certifying agency of assurance among other parameters.

C.
Application of Risk Principles

56.
As the core activity of any RMS, application of risk principles has to be tweaked and re-designed from time to time to adjust for new dimensions of risk. It is a highly subjective activity, not just in terms of the unique regulatory concerns of each PGA but also dependent on the administration's viewpoint on "appropriate response" to managing new risk.

57.
The typical methodology for the application of risk principles requires PGAs to assign risk categories to individual risk factors (what defines higher or lower risk) and assign a risk score to each risk category for each risk factor. The sum total of all the risk scores from different risk factors is the risk weight applied to the particular shipment (illustrated in Table 2).

58.
Let us work through an example using the risk categories and scores listed in Table 2. In our example, we have two different risk applications for the product. The first one is based on a scientific assessment of the potential harm to human health. A second application is the previous history of compliance for shipments of that product that were inspected and found safe. In this context, a specific rule is established, i.e., if more than 90% of the last 500 shipments were found to be compliant, then a risk score of -30 will be assigned to that shipment.

59.
In order to keep things simple in our example, the risk application for manufacturer, origin, importer, and broker is based on compliance history. Risk rules in terms of what levels of historical compliance constitute higher or lower risk would need to be assigned to each of these risk factors. For example, if 100% of the last 200 shipments from a manufacturer were found to be safe, it would be considered low risk; those with 80% plus compliance would be considered medium risk, and those with compliance level below 80%, high risk.

60.
It is important to reiterate that a different risk application can also be used and added. For example, in the case of manufacturers, one could categorize large firms with better quality control as less risky and small and medium enterprises as more risky.

61.
The risk application for origin could be based on the assessment of that country's quality control administration and level of assurance. The risk application for an importer could be based on whether the entity is a manufacturer (low risk) or a trader (high risk).

62.
Let us assume that we have a shipment of a product that is considered to be of medium risk and is assigned a risk score of 60. However, if over 90% of the last 500 shipments of this product were found to be without issue, a risk score of -30 is added.

63.
The manufacturer of the product is considered to be also of medium risk (risk score of 60) and it is originating in a low-risk country (risk score of 0). While the broker is considered to be low risk (risk score of 0), the importer is considered to be high risk (risk score of 60). The product end use is for direct consumption (risk score of 60). The combined risk score, i.e., the risk weight, for this shipment is 210.

64.
For our example, we assume that the PGA has established the rule that all shipments with risk weight greater than 200 but less than 240 would qualify for random interdiction of 30% of all shipments. Once a shipment has been interdicted and picked up based on this 30% random selection, the decision on whether to just inspect it or send it for more detailed tests is dependent on the past history of test results for that product. A score of 30 or greater would result in it being sent for tests. If our shipment falls in the high-risk category based on past testing history (score of 90), and comes from a country with which an agreement of mutual recognition of standards exists (getting a -60 score), the combined score, i.e., the risk weight, for the testing decision would be 30, and it would have to be sent for tests. If, however, the product has medium risk based on past testing history, then the risk weight for testing decision would be 0, resulting in it not being sent for further tests.

65.
In addition to the application of risk weights, special alert features that track specific events or deviations from existing patterns in data can be built into such an RMS. An example of a specific event is related to a combination of two or more risk factors using an IF-THEN logic that can be programmed for alerts. Say, IF a product came from a certain origin, THEN it would be subject to 100% interdiction. A more complex example would be: IF a product was from a certain origin and IF it was being imported by certain importer, THEN alert officers, i.e., alert based on a combination of specific origin and specific importer. These alert specifications would be dynamically programmed by the PGA teams based on need.

66.
Deviation in pattern could include instances where an importer brings a particular product for the first time, or imports that product from an origin for the first time. Another example could be that the importer uses a different third-party certifier for assessment of conformity with standards. An unexpected fluctuation in the quantum of imports by an importer and the sudden use by all importers of the same broker for certain types of products at a particular port of entry are other such examples.

67.
Appendix 4 provides a different illustration using the same table to further elucidate the point on the application of risk principles using risk categorization, risk scores, and risk weights and the associated rules for interdiction or testing.

68.
Risk management is one of the pillars of trade facilitation. In a world defined by millions of different shipments crossing borders, it is impossible to scrutinize and inspect every one of them. A methodology for selective targeting of just a few of these shipments while allowing the rest to pass through is a practical necessity. But the design and application of risk management holds the key to how effectively and transparently authorities manage cross-border trade. In other words, the efficacy and quality of trade facilitation in a country is underpinned by its efforts to develop a robust RMS.

69.
Customs administrations worldwide, led by the WCO, started to seriously explore the methodology and design of RMS. These efforts included finding the means to electronically capture data relevant to the key risk factors from a customs perspective, i.e., effective use of electronic declarations and EDI.

70.
However, it became evident that RMS cannot be restricted to customs alone. For effective gains in trade facilitation, PGAs involved in the clearance process need to have their own RMS and a system for digital capture of data relevant to their specific risk factors. The last decade has seen PGAs across many countries dedicate time and resources to develop their own RMS, including IT systems for data capture and processing, while working with customs administrations to integrate business processes to provide trade with an integrated single window interface. Figure 3 demonstrates how the customs single window system will work seamlessly with the PGA system for import clearance while building a robust RMS criteria framework over time.

PGA System
Periodic transfer of all entries by customs database to PGA database  Figure 3 shows the following steps:

71.
Step 1: Importer files the customs declaration (bill of entry) along with other mandatory supporting documents in the customs single window system.
Step 2: The single window system applies the risk principles (as defined by the PGAs) to identify those entries that represent greater risk, and notifies these entries to the PGA system.
Step 3: The PGA system processes these entries digitally, while conducting necessary physical inspections and tests. Accordingly, the PGA decides to either issue a "no-objection certificate" or deny clearance, and conveys this decision digitally to the customs system.
Step 4: From the customs database, there is a periodic transfer to each PGA database, of all entries that fall under the jurisdiction of that PGA to ensure comprehensive database development. The PGA will analyze this comprehensive data on the basis of the multiple risk factors in its risk assessment framework, update their risk algorithm based on the results of this analysis, and share this updated algorithm with customs to apply it at their end. This exercise will help improve the RMS criteria which PGA uses over time.

72.
This paper uses the Indian experience to build a roadmap for developing an effective RMS for PGAs. Based on the work done by ADB with six important Indian PGAs in assessing their needs for RMS and IT systems, and developing the required solutions, the paper identifies certain important learning points.
(i) In order for a PGA to develop robust and sophisticated RMS, the prerequisite was to develop its own IT platform and database to capture and store all data associated with its specific risk factors. Such a system also enables PGAs to automate their processes while providing time stamps that bring transparency and ensure the accountability of officers involved in each administrative subprocess required for EXIM clearance. (ii) The PGA's IT system needs to be seamlessly integrated with customs to ensure quick turn around of decision making, i.e., the systems cannot be "single window" just in name, but should also be so in effective procedural terms. Managing this successfully requires both customs and PGAs to be sensitive to each other's needs and to look at every micro-process so that different applications in their respective systems, representing different steps in the EXIM clearance process, are effectively aligned. (iii) The PGAs must have full access to all the relevant information associated with their risk factors. In many cases, such information might be collected by customs or other agencies. Effective means of real-time transmission of data must be built into any systemic solution being designed. (iv) The PGAs need to analyze their risk priorities and minutely examine the risk principles they would apply to their risk factors. Such an analysis provides the building blocks to develop an effective risk management methodology best suited to their needs. The best way is to engage with counterpart PGAs in other countries; the diversity of experiences and views of how their counterparts are grappling with similar problems provides new insights and triggers innovation in approach to enforcement. This also helps PGAs to identify their own strengths and shortcomings.

73.
Having gone through this journey, specific RMS schematics suitable to each PGA and associated systemic solutions emerge that can be practically applied with minimum disruption to the day-to-day functioning of the PGAs. This is critical given the fact that most PGAs are national regulators, and most of their energy is devoted to administrating standards and regulations in domestic product markets. EXIM is just one part of their overall responsibility. Such PGAs are also typically resource constrained and the process of implementing a new RMS and associated systems needs to avoid significant disruption requiring PGAs to deploy large number of personnel, resources, and time.

74.
Thus the key findings and the analytical framework presented in this paper would be relevant for policy-makers and researchers in other developing countries.

APPENDIX 1: THE INDIAN SINGLE WINDOW ARCHITECTURE
The Indian Customs Electronic Data Interchange (EDI) System (ICES) is the digital platform developed by Indian customs for export-import clearances. Currently, ICES is operational at 245 major customs locations and handles 98% of India's international trade in terms of import and export consignments.
The various components include ICES, the Indian Customs EDI Gateway (ICEGATE), E-SANCHIT portal, risk management system (RMS), and the Single Window Interface for Facilitating Trade (SWIFT). The ICES receives and processes all incoming EDI messages.
The interface of ICES with external stakeholders for sharing customs-related messages is the EDI gateway, ICEGATE. The customs house agent (CHA), shipping line, or importer accesses ICEGATE and submits vessel-and cargo-related documents to customs.
The E-SANCHIT portal is a repository of all documents that are submitted in electronic form by the CHA for cargo clearance. These documents could include invoices for the goods imported, packing list, and contract copy/purchase order. The RMS component of ICES helps the customs identify and segregate transactions that require deeper scrutiny by the customs officer.

APPENDIX 2: KEY CHARACTERISTICS OF EXISTING RISK MANAGEMENT SYSTEMS OF PARTICIPATING GOVERNMENT AGENCIES
The risk management system (RMS) of the Food Safety and Standards Authority of India (FSSAI) is based on product characteristics and importer compliance history. For example, in the case of low-risk items in FSSAI, for the first five shipments, there is 100% inspection (for the same HS-8 product and the same importer). If the first five shipments are fully compliant with regulatory requirement, then random sampling of 5% (5 per 100-line entries) is undertaken. For high-risk products, the first five shipments go through 100% inspection. If full compliance is achieved, then randomization is reduced first to 25% and subsequently to 5%.
Plant Quarantine, Animal Quarantine, and Central Drugs Standard Control Organisation (CDSCO) use origin and product characteristics as risk factors. For the high-risk product category, 100% of referrals are inspected; the proportion subjected to inspection falls for medium-and low-risk products. In fact, for CDSCO and Animal Quarantine, approval is granted without any need for physical inspection.
The Wildlife Crime Control Bureau currently has no RMS in place. The system entails 100% visual inspection for items falling under its jurisdiction as defined by the Wild Life (Protection) Act, 1972.
For the Textile Committee, the country of origin is the key risk factor used to assess risk. Most consignments in the high-risk category are drawn from countries with no legal prohibition on the use of hazardous dyes. Imports from the European Union, Serbia, Poland, Denmark, the People's Republic of China, Australia, Canada, Japan, and the Republic of Korea are considered low risk since the use of azo dyes in textiles and textile articles is banned in these economies.
Risk management systems and the associated sampling methods used by each participating government agency is provided in Table A2.

APPENDIX 3: DETAILED EXPOSITION OF KEY RISK PARAMETERS
This appendix provides details on the key risk parameters (product, country of origin, and manufacturing unit/company) and illustrates with examples how these factors apply to the different participating government agencies.

A. Product
In case of food, the Food Safety and Standards Authority of India (FSSAI) is concerned about the risk various products pose to human, plant, and animal health through consumption or even as intermediate inputs into manufacture or production of other food or pharmaceutical products. In India, protection against socio-cultural risk is also a priority; this includes ensuring that import of vegetarian food is in proper form, not contaminated by nonvegetarian foods.
Food items that have traditionally been viewed as less safe, such as those are not fully processed or cooked or those that include animal or marine products as ingredients, are categorized as "high risk". High-risk items also include meat, fish, poultry, and dairy products, which are most prone to contamination and adulteration. Risk is also a function of end use of the product-whether it is for human consumption or for intermediate use as an ingredient for further processing. Products for immediate human consumption would have a higher risk score.
In the case of Plant Quarantine (PQ), the main objective is to intercept plant and plant materials subject to pest risk analysis to protect the country's crops from the risk of alien pests. In addition, PQ is also concerned about protecting human health from consumption of unsafe fruits and vegetables. Typically, seeds for sowing and plants for propagation are considered to present a higher risk due to the domino effect if pests or contaminations are inherent. Products under PQ are classified into different categories depending on the risk they pose from pests. These include the following: • Prohibited plant species which are high risk and whose imports are restricted; for example, cocoa imports from West Africa and tropical America are prohibited due to the incidence of destructive pests. • Restricted species, where import is permitted only by authorized institutions; for example, bananas from the West Indies can be imported into India only with special permission from the Department of Agriculture, Cooperation, and Farmers' Welfare, Government of India. • Restricted species permitted only with additional declarations of freedom from quarantine pests and subject to specified treatment certifications; for example, kiwis from Italy require additional declaration in the phytosanitary certificate that they are free from infestation by the Mediterranean fly. • Plant material imported for consumption or industrial processing permitted with normal phytosanitary certification are those that pose less risk as compared to the categories mentioned above because they are either for direct consumption or used as inputs for medicinal purposes; for example, wood imported for consumption.
Animal Quarantine is tasked with preventing the ingress of diseases (dangerous to humans and animals) through importation of livestock and livestock products. Besides, because livestock may covertly carry pathogens without showing overt signs of clinical disease, they must be held in quarantine for observation and tested to establish their pathogen-free status before release. Based on the likelihood of carrying dangerous diseases and pathogens, the regulator has defined products into three risk categories: • high risk, including livestock and livestock products which are barred from entering the country; • medium risk, including products requiring import license (from the Directorate General of Foreign Trade, Ministry of Commerce and Industry, Government of India) as these are restricted items; and • low risk, including products requiring Sanitary Import Permit from Department of Animal Husbandry, Dairying and Fisheries, Government of India.
For the Central Drugs Standard Control Organisation (CDSCO), which regulates the import of drugs, product risk needs to be intercepted to protect human and animal life from risky drugs and medical equipment. Categorization into high and low risk is based on the potential to harm human health. For example, standard generic formulations are considered to be less risky as their effects are well known but new formulations or drugs, such as psychotropic medicines or vaccines, are considered to be riskier as they could have more serious impact on human health. Other risk factors include the use and quality of active ingredients, i.e., the higher the use of lower quality active pharmaceutical ingredients, the higher the risk. Similarly, the type of medical devices imported also has a bearing on risk depending on the end use. For example, a generic home-use blood pressure monitor or a thermometer is considered to pose a lower risk to human health as compared to high-end medical devices like X-ray machines or equipment for magnetic resonance imaging since the failure of the latter category of devices has much greater consequences for human health. These devices have to be registered under the quality standards prescribed by the Medical Devices Rules, 2017, and other standards set by the Bureau of Indian Standards.
For the Wildlife Crime Control Bureau, product risk emanates from the import of endangered and protected species, or species whose propagation might endanger local wildlife. The regulator is responsible for protecting endangered and protected species of flora and fauna, and ensuring that wildlife crime is avoided or intercepted. To that end, risk profiling is closely correlated with the potential for illegal activity associated with certain species or products. For example, logs or timber could be assigned a higher risk weight compared to veneer, the logic being that expensive prohibited woods are typically smuggled or imported in log or timber form rather than as veneer. Over time, these descriptions and their risk weights could also be refined, based on history. Animals whose hide, horn, teeth, and bone or other body parts are in demand for making jewelry, clothes, etc., are more susceptible to poaching. These products would be accorded a higher risk.
In the case of the Textile Committee, the product risk emanates from the use of fabrics and dyes which may cause harm to humans. For example, azo dyes can break down to a class of chemicals that are considered hazardous and carcinogenic. Products that contain harmful fabric or dyes are in the high risk category and will go through proper testing and pre-import certifications before being cleared for imports. Another application of risk emanates from the flammability of the textile/fabric being imported, i.e., its relative ease of ignition and ability to sustain combustion. For instance, synthetic fabrics might melt, rather than burn, which can cause serious burns when they contact skin. Again, depending on the flammability of the textile, the Textile Committee categorizes it as high or low risk. The user or nature of use is also considered for risk, for e.g., child-sized garments are considered more risky than adult-size garments as they might have design flaws that could lead to children choking or hurting themselves. Children are also considered more vulnerable to contamination or poor-quality pigments.

B. Country of Origin
At present, FSSAI and CDSCO do not routinely use country of origin as a factor for risk assessment. However, in the case of advisories from international agencies or intelligence received from other sources, the country of origin becomes a deciding factor. For example, an advisory could be received on the outbreak of a disease affecting Product A, or that a Manufacturing Unit B producing Product C in Country D was facing a challenge of mass contamination; such products would then be categorized as high risk. For example, in 2008, India imposed a 3-month ban on the import of milk products from the People's Republic of China (PRC) following the baby food scandal in that country, in which adulterated formula infected thousands and killed several infants.
For the Textile Committee, however, country of origin is a very important risk factor. A majority of consignments in the high-risk category are drawn from countries with no legal prohibition on the use of hazardous dyes. Imports from European Union, Serbia, Poland, Denmark, the PRC, Australia, Canada, Japan, and the Republic of Korea are considered low risk since the use of azo dyes in textiles and textile articles is banned.
Country of origin is also an active risk criterion for the Wildlife Crime Control Bureau. Wildlife products typically move along specific trade lanes. Imports from certain origins could be given more risk weight owing to prevalence of heavy illicit wildlife trade traffic. These weights would be dynamic in nature, based on real intelligence or changing trends in illicit trade networks for wildlife. Suvarnabhumi Airport in Bangkok is counted among notable wildlife trade hubs. The Chatuchak market in Bangkok is a known center for illicit wildlife trade, where the sale of lizards, primates, and other endangered species has been widely documented. Trade routes in Southeast Asia link Madagascar to the United States (for the sale of turtles, lemurs, and other primates), Cambodia to Japan (for the sale of slow lorises as pets), and facilitate the sale of many species to the PRC.
Quarantine agencies use origin as an important risk indicator. They map specific risks posed to plant products or livestock coming from a specific origin due to the prevalence of specific pests or diseases in that country. In such instances, scrutiny of all imports from that country in increased.

C. Assurance
In the case of quarantine and food, assurance in the form of phytosanitary certification or test certification is provided by the exporter. This certifies absence of specified pathogens, diseases, or pests from the products being imported into the country. In addition, product quality and origin certificates in the case of food and textiles certify that the product follows the prescribed norms and standards agreed upon by the two trading countries. In the case of wildlife, import, export, re-export, and introduction of all species covered by the Convention on International Trade in Endangered Species of Wild Fauna and Flora (CITES) has to be authorized through a licensing system. 7 Trade (import or export) in wildlife regulated by CITES require the CITES certificate to be presented for clearance at the port of entry or exit.

D. Manufacturing Unit or Company
This risk parameter is especially useful for products where quality is determined by the level of care exercised in the manufacturing process. These include medicines, vaccines, medical devices, and processed food products. It also includes consumer products that have the potential to cause disease or endanger the user. Examples of these include clothes, toys, and certain classes of chemical products. Levels of historical compliance and consistency in meeting standards could be used to categorize a manufacturer's risk profile. For example, the United States Food and Drug Administration (USFDA) considers the manufacturer rather than the exporter on record as an important risk assessment criterion. The history of a manufacturer as pertaining to each product (product code) is used to define levels of risk. The key areas of compliance record, based on which risk application can be undertaken, include • refusal history (how compliant to standards has the manufacturer been in the past); • testing laboratory analysis history; 7 The Convention on International Trade in Endangered Species of Wild Fauna and Flora is an international agreement between governments. It aims to ensure that international trade in specimens of wild animals and plants does not threaten their survival.
• field exam results; • history of anomalies in declarations; and • facility inspection results.
The USFDA also uses the historical pattern of imports from a particular manufacturer as a criterion in its pattern mapping. This is an important application of manufacturer-based risk mapping. For instance, if a manufacturer who typically exports liver disease medications such as pioglitazone starts exporting HIV-related medication to the US, this would be considered a break in pattern, and flagged for greater scrutiny.

APPENDIX 4: EXAMPLES OF RISK WEIGHT CALCULATIONS FOR IMPORT CONSIGNMENTS
Example 1 showcases a risk matrix for an import consignment. The round risk balloons represent the risk score in each risk category (high, medium, and low) and are assigned scores based on the size. The biggest balloon has a score of 90 and this goes down to 30 for the smallest balloon, representing the lowest risk in the particular category. Example 1: Calculation of risk weight for an import consignment In Example 1, the risk weight is calculated by summation of the individual risk score categorized by the risk factor. Of the six risk factors, one falls under high risk, two fall under medium risk, and three under low risk.
The product falls into the high-risk category and is assigned a score of 90. Similarly, the importer and end use of the product (intermediate consumption) are considered medium risk and are each assigned a score of 60. The manufacturer, origin, and broker all fall under low risk category and are assigned a score of 30. This sums to a total risk weight of 300.
For Example 2, let us assume that the participating government agency has established the rule that all shipments with risk weight greater than or equal to 240 but less than 340 would have random interdiction of 30% of all shipments, whereas shipments with weights greater than or equal to 140 but less than 240 would have interdiction of 20% of all shipments. Thus, a risk weight of 300 would call for a 30% interdiction. Example 2: Calculation of risk weight for a less risky import consignment