DECISION

ON THE PROMULGATION OF THE REGULATION ON THE APPLICATION OF RISK MANAGEMENT IN PILOTING ELECTRONIC CUSTOMS PROCEDURES

GENERAL DIRECTOR OF GENERAL DEPARTMENT OF CUSTOMS

Pursuant to the Law on Customs of June 29, 2011 and Law on amending, supplementing a number of Articles of the Law on Customs of June 14, 2005;

Pursuant to the Prime Minister’s Decision No. 149/2005/QD-TTg of June 20, 2005 on the implementation of pilot of electronic customs procedures;

Pursuant to the Minister of Finance’s Decision No. 52/2007/QD-BTC of June 22, 2007 on the promulgation of the Regulation on piloting electronic customs procedures;

At the proposal of the Director of Anti-smuggling and Investigation Department and the Department of Customs Renovation and Modernization,

DECIDES:

...

...

...

Article 2. This Decision takes effect from October 01, 2007.

Article 3. Heads of units belonging to the General Department of Customs, Directors of Customs Departments of provinces and cities applying the pilot of electronic customs procedures and relevant units are responsible for the implementation of this Decision.

FOR GENERAL DIRECTOR OF GENERAL DEPARTMENT OF CUSTOMS
DEPUTY GENERAL DIRECTOR OF GENERAL DEPARTMENT




Dang Hanh Thu

REGULATION

ON APPLYING RISK MANAGEMENT IN PILOT OF ELECTRONIC CUSTOMS PROCEDURES
(Promulgated together with the Decision No. 1700/QD-TCHQ of September 25, 2007)

Part I

...

...

...

1. Interpretation of terms

1.1 Risk-prone domains: means the customs procedures and means of international transport in which risks occur.

1.2. Risk identification: means the process of identifying what the risk is, causes, conditions and objectives of the risk occurance.

1.3. Risk rate: means the possibility, probability of the risk occurrence.

1.4. Risk consequences: means damages, effects when risks occur.

1.5. Risk level: means the combination of the rate and the consequences when risks occur.

1.6. Risk control: means activities of risk management, including the implementation of policies, standards, procedures and adjustments to eradicate or diminish causes, conditions for risk occurence.

1.7. Process of risk management: means the systematic application of policies, procedures and field experiences to the setting up of situational contexts, identification, assessment, handling, monitoring of and feedbacks on results of risk handling.

1.8. Risk criteria: means one or a group of indicators to permit identification, measurement, assessment, classification regarding each kind of risks; including:

...

...

...

1.8.2. Risk assessment criteria: means criteria to measure, assess the risk extent; according to the 3 following kinds:

a. Selection criteria: means risk criteria set up according to a risk indicator or a compound of risk indicators to create instruments for risk identification and extent assessment.

b. Scoring criteria: means risk criteria assessed and demonstrated by risk scores.

c. Random criteria: means criteria of sampling using statistic probability method to measure the extent of observence regarding each of the identified subjects and activities.

2. Scope and domains of risk management application

2.1 Process of customs procedures regarding seaway transports entering, exiting country, in transit, in port transit; including violations of provisions on:

2.1.1. Management policies regarding goods banned from export, import;

2.1.2 Public health, environment, security;

2.1.3. Goods being managed in accordance with provisions of CITES treaty and BASEL treaty;

...

...

...

2.2. Process of customs procedures regarding exported, imported goods including violations of provisions on:

2.2.1. Customs declaration regarding exported, imported goods;

2.2.2. Dossiers, documents of customs declaration;

2.2.3. Value of exported, imported goods;

2.2.4. Categorization of exported, imported goods;

2.2.5. Exported, imported goods subject to management by permits, quota and lines;

2.2.6. Exported, imported goods relating to intellectual property rights;

2.3. Post-customs clearance inspection including the following risk-prone domains:

2.3.1. Specially-prioritized traders;

...

...

...

2.3.3. Customs value regarding exported, imported goods:

2.3.4. Categorization of exported, imported goods;

2.3.5. Permits and line management;

2.3.6 Intellectual property rights;

2.3.7. Processing for foreign countries and processing in foreign countries;

2.3.8. Production of exported goods;

2.3.9. Domestic and foreign investment;

3. Risk management criteria

3.1. Priority criteria (Annex 1);

...

...

...

3.3. Risk assesment criteria (Annex 3).

4. Risk assessing, analyzing system

The risk assessing, analyzing system shall support in channeling, selecting subjects of inspection on the basis of risk file updating on the system regarding the following processes of procedures:

4.1. Means of transport entering, exiting country, in transit and in seaway port transit;

4.2. Exported, imported goods;

4.3. Post-customs clearance inspection.

5. Applied measures for handling risks

5.1. Prevention measures

5.1.1. Propagating in order to improve enterprises awareness of observance of the customs law;

...

...

...

5.1.3. Notifying enterprises to proactively handle, terminate violations of the customs law;

5.1.4. Proposing for amending, supplementing policies, provisions possible to cause risks;

5.1.5. Concentrating resources for activities of customs inspection, control regarding domains of risks.

5.2 Measures of detection, prevention

5.2.1. Dossier inspection;

5.2.2. Goods inspection;

5.2.3. Post-customs clearance inspection;

a. Assessment of the extent of observance;

b. Post-customs clearance inspection regarding objects selected from the system;

...

...

...

Part II

PROCESS OF RISK MANAGEMENT

The process of risk management is conducted in 4 steps: (1) identification of risks, (2) assessment and analysis of risks, (3) handling of risks, (4) supervision, re-assessment and measurment, assessment of the extent of observation.

1. Step 1. Identification of risks

The Identification of risks is carried out in the following order:

1.1 Collecting and analyzing information and data; identifying potential risks in each of the risk-prone domains

1.1.1. The risk file

a. Review risks being applied management measures and monitor changes of these risks;

b. Review the happening of the accepted risks and eliminated risks in the past or and its affects on the customs management work in the present;

...

...

...

1.1.2. Dossiers of violation cases and database of customs law violations management

a. Statistic, analyze figures of violation cases within branch and each sub-department in order to assess the violation on the basis of previously indentified and registered risks; identify signs of arising-newly risks;

b. Analyze modes and tricks of violation to forecast the possibility of potential violations.

1.1.3. Synthesize, analyze feedbacks from the steps in the Process of procedures to identify remaining risks, arising-newly risks or forecast risks from the analysis of modes and tricks of violation.

1.1.4 Analyze, assess operational information or other information provided by units within and outside the branch in order to identify hidden risks possible to be happening or likely to happen.

1.1.5. Results of measurement and assessment of observance

a. Synthesize, analyze, and assess violations detected during the application of random selection criteria to each observing domain;

b. Collect feedbacks; analyze violations detected during the post-customs clearance inspection activities:

- Results of the assessment of observance regarding specially-prioritized enterprises and commodity lines, fields of importance;

...

...

...

1.1.6. The risks synthesized and indentifed from operational activities, customs intelligence activities or provided by units within and ouside of the branch.

1.2. Outcomes of the risk identification step

1.2.1. What the identified risk is, of what risk-prone domains are;

1.2.2. Signs for risks detection;

1.2.3. Causes, conditions and objectives that make risks occur;

1.2.4. Subjects causing or relating to risk occurrence;

1.2.5. Units or Departments that are handling;

1.2.6. Management measures being applied by the Customs and relevant functional agencies.

1.3. Report, approval of the registration in the risk file

...

...

...

a. If the such risks have been registered in the risk file (including eliminated cases), then compare relevant signs and elements of identified risks with risks being managed to consider the adjustment, supplement or restoration of the previously-registered dossiers (for eliminated risks) and report to competent leaders for approval.

b. If identified risks are newly-detected risks, then report for establishing the risk file in accordance with form MQLRRDT- 4 (Annex 4) and submit to competent leaders for aprroval.

1.3.2. The competent person (provided for in part IV of this Regulation), based on the proposal of Officerss, consider the authenticity of information to decide the adjustment, supplement, restoration of risk application dossiers or approve the establishment of the new risk file.

2. Step 2. Assessing and analyzing risks

2.1. Analyzing the risks identified in step 1 to specify:

2.1.1. The possibility of risk occurrence:

a. Regularly: high extent (3)

b. Occasionally: average extent (2)

c. Rarely: low extent (1)

...

...

...

Extent

Occurrence

High (3)

Very likely to occur

Average (2)

Possible to occur

Low (1)

Possible to occur but not likely

2.1.2. Consequences of risks

...

...

...

b. Serious: average level (2);

c. Rather serious: low level (1);

Officerss analyzing risks may use the below table to support the identification of the risk impact on the set forth objectives:

Level

Results

High

Severe damage to revenue sources, public health and security, environment.

Average

Medium damage to public health, security, environment.

...

...

...

Acceptable few damage to revenue source, public health, security, environment.

2.1.3. Risk levels

On the basis of the results of risk possibility and consequences identification (in cases of actual occurrence), Officerss analyzing risks may use the risk level identification table to identify the overall risk level. The risk level is defined by the junction of possibility and consequences belonging to one of the following cases:

High level (3);

Average level (2);

Low level (1).

The results of risk analysis shall be updated on the risk file in accordance with form MQLRRDT-5 (Annex 5) issued under this Regulation.

Risk level analysis table

Possibility

...

...

...

Very serious

Serious

Rather serious

Regularly

High

High

High

Occasionally

Average

...

...

...

High

Rarely

Low

Average

High

2.2. Assessing the effectiveness of control measures being applied to identified risks:

2.2.1. Being-applied measures;

2.2.2. Ratio of violation detection relating to risks identified in the phases before and after the application of measures

2.2.3. Impact of being-applied measures on relevant branches.

...

...

...

2.3.1. Foundation for classification:

a. Conditions for, possibility of application;

b. The risk levels

c. Compare with criteria and handled risks to make a list and propose plans to monitor and assess acceptable risks.

2.3.2. Make a list and set up priority order for handling unacceptable risks.

2.4. Setting up compounds of signs of risks

2.4.1. Collect, analyze all the distinctive signs of the identified risks;

2.4.2. Find distinctive signs of risks

2.4.3. Combine distinctive signs with other signs to make instruments for detection and selection of the risks of the same category.

...

...

...

3.1. Proposing measures for handling risk

3.1.1. Customs units and levels provided for in part IV of this Regulation shall:

a. Timely provide risks detected during the process of information synthesis and analysis in the allocated domains;

b. Re-analyze; re-assess identified risks periodically and provide results for risk management units at the same level every month on the day of 20th; propose handling measures and provide operational guidance.

3.1.2. The risk management units, on the basis of their results of risk analysis and assessment and the proposals of operational units and, shall re-assess:

a. The risk levels;

b. The risk handling prioritized extent;

c. The compound of signs of risks;

d. The effectiveness of the handling measure application; examine the element of resources in comparison with the achieved results;

...

...

...

f. Select and propose appropriate handling measures regarding risks prioritized to handle;

g. Select and propose handling measures regarding other risks (provided for in part I of this Regulation).

3.2. Developing plans, preparing conditions for risk handling

3.2.1. Plans of risk handling shall be implemented at 02 levels, units:

a. Risk management units at General-department level shall make handling plans regarding risks generally applying to the entire branch;

b. Risk management units at electronic customs Sub-department level shall make handling plans regarding risks within the sub-department level on the basis of unifying and ensuring the implementation of the contents in accordance with the plan of the General Department.

3.2.2. Contents of risk handling plans:

a. List of risks needs to be handled;

b. Measures to handle expected risks;

...

...

...

d. Duration for the risk handling including starting and ending time;

e. Implementing units or Officerss;

f. Necessary conditions regarding facilities, equipment, budget;

g. Plans on monitoring, assessing the handling results and the report on information feedbacks.

3.2.3. Competent leaders (provided for in part IV of this Regulation) at levels, units, based on risk handling plans reported by officers, public servants, shall consider the suitability, effectiveness and feasibility of the plans to approve the implementation.

3.2.4. On the basis of the plans approved by competent leaders, the risk management unit shall transfer the requirements, handling plans to relevant units to implement.

3.3. Operating the risk analyzing, assessing system

The risk analyzing, assessing system is operated through activities of risk management criteria and professional information update; the integrated system shall process data and produce risk assessment, classification results; select and channel the objects of inspection.

3.3.1. The update of risk management criteria is implemented at 02 levels: The General Department and Sub-departments of Electronic Customs.

...

...

...

On the basis of the approved risk file, officers operating the system shall update the risk management criteria on the risk analyzing, assessing system in accordance with the extent and level of application. Including 3 kinds of criteria:

- Selection criteria regarding means of transport and goods on means of transport exiting, entering country, in transit and in port transit;

- Risk criteria applying to customs clearance, includes:

+ Selection criteria;

+ Risk scoring criteria;

+ Random criteria;

+ Priority criteria;

+ Observance criteria.

- Selection criteria of post-customs clearance inspection objects, includes:

...

...

...

+ Risk criteria applied to post-customs clearance inspection

b. Sub-department of Electronic Customs level

On the basis of risk files approved by leaders of the sub-departments, Officerss operating the system shall update selection criteria on the risk analyzing, assessing system in accordance with the extent and level of application, in particular:

- Selection criteria regarding means of transport and goods on means of transport exiting, entering country, in transit and in port transit;

- Risk criteria applied to customs clearance, includes:

+ Selection criteria;

+ Risk scoring criteria;

+ Random criteria;

+ Priority criteria.

...

...

...

+ Observance assessing criteria;

+ Selection criteria applied to post-customs clearance inspection.

3.3.2. The risk assessing, analyzing system integrates, processes data and produces risk assessment, classification results; select and channel the objects of inspection:

a. Officers operating the system, after updating data, shall carry out the approval function on the risk analyzing, assessing system;

b. The system automatically integrates, processes electronic data on the basis of information technology application in order to process requirements, data and parameters updated on the system;

c. The system automatically receives and processes declared information, data to produce results of risk assessment and classification and inspection channeling;

d. The system raises operational requirements to orient inspection activities in customs clearance activities (in case the risk file does manifest) and post-customs clearance inspection.

3.4. Applying risk handling measures

3.4.1. Carrying out the preventing measures:

...

...

...

- Holding seminars, dialogues with enterprises;

- Publishing fliers, books, newspapers and making use of the means of mass media.

- Forms of discussion, problem solving via hotlines, website, and electronic mail boxes;

- Holding training, retraining, consulting programs for enterprises on customs law, processes of customs procedures and customs provisions to improve the self-management ability of enterprises.

b. Risk management units shall notify enterprises of signs of risks, hazards to the observance of enterprises, in cases of necessary, the risk management units could guide, support enterprises to proactively handle the risk situations, or to proactively stop the activities with potential signs of likely violations.

c. Through the risk management process, the risk management unit needs to identify risks coming from the system of policies, law and processes of procedures to propose, suggest amendment, supplement or take appropriate and timely management measures. Synchronously identify high risk-prone domains or domains of importance to concentrate on inspection, control and supervision so as to prevent potential risks.

3.4.2. Measures for detecting, preventing risk

a. Measures for detecting, handling risks during the process of conducting electronic customs procedures regarding seaways means of transport exiting, entering country, in transit, in port transit are provided in Annex 6 issued under this Regulation;

b. Measures for detecting, handling risks during the process of electronic customs procedures regarding exported, imported goods are provided in Annex 6 issued under this Regulation;

...

...

...

d. Measures for using controlling operations to monitor, detect objects of highly potential risks;

e. Officers working on risk management shall utilize the analyzing, monitoring, assessing functions of the risk management system to make the list of enterprises obliged to apply operational measures to monitor, detect and stop violations, including:

- Enterprises of high risks but not detected violations after many times of dossier inspection and actual goods inspection (red channel);

- Enterprises with signs of violations;

- Enterprises violating many times;

f. Officers shall suggest competent leaders to approve the list of enterprises obliged to apply controlling operational measures in order to transfer to the controlling unit at the same level;

g. Risk management units shall bear responsibility to regularly collect feedbacks on the process of monitoring, assessing regarding activities of enterprises on the list of enterprises obliged to apply controlling operational measures.

4. Step 4. Supervising, re-assessing and measuring, assessing observance

4.1. Supervision, re-assessment

...

...

...

4.1.1. The General-department level

a. Risk management units at the General Department level shall supervise the implementation of the process of risk management by the following measures:

- Controlling the risk analyzing, assessing system to supervise the implementation of the process of risk management at the units of Sub-departments of electronic customs, including:

+ The system channeling results;

+ The channeling, channel transferring at the Sub-departments;

+ The updating, application of risk management criteria at the Sub-departments.

- Supervising, assessing the implementation of risk management of units belonging to the General Department;

- Collecting feedbacks and reporting the assessment of the effectiveness of risk management application of the Sub-department in accordance with form MQLRRDT-7 (Annex 7) of this Regulation.

b. Assessing the effectiveness of risk management application

...

...

...

+ Assessing the achieved results regarding the set forth objectives;

+ Effectiveness of the applied risk handling measures;

+ Potential impacts, effects from the risk handling; feedbacks from relevant objects.

- Making use of the system’s functions to assess the application effectiveness of each of the risk management criteria registered, applied in the system;

- Synthesizing, analyzing operational reports, dossiers of violation cases and the system of violation data of the branch to assess the extent of observance of law.

4.1.2. Sub-departments of Electronic Customs

a. Risk management officers at the Sub-departments shall control the system to supervise the process of risk handling in accordance with the steps of the process of electronic customs procedures, in particular:

- Inspecting the system’s channeling results;

- Supervising the channeling, channel transferring at the Sub-departments;

...

...

...

- Monitoring, assessing the update, feedbacks at the steps of the process.

b. Synthesizing, analyzing, and assessing the effectiveness of risk management application at the Sub-departments, in particular:

- Assessing the effectiveness of the application of risk management criteria;

- Assessing the system’s channeling quality;

- Assessing the risk handling results;

- Re-assessing the remaining risks

c. Reporting feedbacks at the General Department level on the results of the implementation of risk management at the Sub-departments in accordance with form MQLRRDT-7 (Annex 7) of this Regulation.

4.2. Measurement, assessment of observance

4.2.1. Assessment of observance regarding specially-prioritized traders

...

...

...

a. Organizing the collection of data, information of enterprises in accordance with information norms in Annex 8 of this Regulation:

- Collect information from existing information sources;

- Collect information from enterprises on the basis of signing written regulations on the information exchange and provision;

- The system automatically integrates data from the information system of the entire branch;

- Synthesize information from observance assessing, measuring activities.

Collected information of specially-prioritized enterprises is updated on the system of enterprises management database.

b. Officers managing observance shall monitor, analyze, assess observance regarding specially-prioritized enterprises; based on the assessing criteria to propose competent leaders provided for in part IV of this Regulation for appropriate management measures.

c. Competent leaders shall approve the extent of observance and management measures applied to specially-prioritized enterprises.

4.2.2. Measurement, assessment regarding observance domains

...

...

...

- General-department level:

+ Collecting information, data of domains need to be assessed observance in order to produce initial assessment of the extent of observance in that domain;

+ Randomly sampling to measure the extent of observance for the identified domains, objects;

+ Analyzing dossiers and violation database to measure the extent of observance of each domain, object.

+ Synthesizing, analyzing the post-customs clearance inspection results of the Sub-departments of electronic customs and post-customs clearance inspection units in the entire branch in order to assess the extent of observance of each domain, object.

- Sub-department of Customs level

+ Conducting post-customs clearance in accordance with the annual plan regarding each domain, object of observance;

+ Assessing observance within the Sub-department on the basis of post-customs clearance inspection results.

b. Synthesizing, assessing the observance measurement, assessment results,

...

...

...

- Re-assess the effectiveness of customs inspection, control activities;

- Assess business results of key economic branches;

- Assess the operational extent of major exporters, importers;

- Assess the extent of the improvement of customs law observance;

c. Processing observance measurement, assessment results

Based on the observance measurement, assessment results, officers allocated to manage observance shall synthesize, analyze and handle as follows:

- For cases that the observance ratio is found lower than 95%, then assess each major importer as follows

+ Notify the importer in order to orient them towards voluntary observance;

+ Compile dossiers, identify major points regarding each of the detected non-observing domains;

...

...

...

+ Implement more assessments, inspections.

+ Sanction for violations.

- Based on the above results, officers allocated to monitor, measure, assess observance shall propose:

+ To identify risks need to be updated, supplemented;

+ To orient resources for efficient management;

+ To apply appropriate risk handling measures;

+ To reduce the frequency of the goods inspection regarding objects with high extent of observance and vice versa.

Part III

RISK FILE BUIDLING, MANAGEMENT, APPLICATION

...

...

...

1. Compiling the risk file

1.1. Establishing the file

1.1.1. Information, data of risks

On the basis of risk identification results, data, information of risks collected in step 1 of the process of risk management, risk management officers shall update information, data of risks, in which reflects in details contents of:

a. What the identified risk is, where and how it occurs;

b. Clue of detection: in what activity and measure it was detected;

c. Causes, conditions and objectives of the risk occurrence;

d. Subjects causing risks or relating to risks;

e. Signs of risks;

...

...

...

1.1.2. Foundation for establishing the risk file

a. Inspection, comparison for identifying as a basis for establishing the risk file, including:

- Whether or not the risks are detected and registered in the risk data file?

- Examining the risks in comparison with equivalent risks in the risk data file in order to identify the domains and sub-group of risks;

- Whether or not the information describing the risk is complete and authenticated?

b. Basis for establishing the risk file includes:

- Having information to identify the authenticity of the risks;

- The identified risks must be specific, not general;

- Risks causing obstruction for the management objectives of Customs;

...

...

...

1.1.3. Reporting, approving the risk file establishment

a. Risk management officers shall make reports on the establishment of the risk file. The report contents must specify:

- Collected information, data (as stated above);

- Risk-prone subgroup, domains to which the identified risks belong;

- Foundation for establishing the risk file;

- Proposals on risk analysis, assessment plans; including:

+ Sources of information, data needed to collect and supplement regarding risks;

+ Measures to collect information;

+ Methods for risk analysis;

...

...

...

+ Time of the implementation and completion.

b. Approving and registering risks

- After making reports, risk management officers shall submit to competent leaders provided for in Part IV for approving the report on the risk file establishment.

- Competent leaders shall approve the report;

- Risk management officers shall register the risks. The risk register is issued, monitored and managed by the risk management unit.

1.2. Updating the risk analysis, assessment results on the risk file

1.2.1. On the basis of the risk analysis, assessment results, officers shall update analyzed, assessed information on the risk file, including:

a. Subjects causing risk occurrence or relating to risks;

b. Natures, causes, conditions for risk occurrence;

...

...

...

d. Identification of the extent of consequences of the risks;

e. Identification of the risk level;

f. Being-applied controlling measures and their effectiveness;

g. Classification of the acceptable/unacceptable risks;

h. Handling priority rating;

i. Collection of signs of risks;

k. Setting up a written risk description on the basis of compounding signs of risks with characteristic properties of risks;

1.2.2. Recording risk handling plans;

1.2.3. Analyzing, assessing impacts, effects of the selected measures;

...

...

...

2. Managing, applying the risk file

2.1. Managing the risk file

2.1.1. Risk files are uniformly managed in the entire branch; risk management units at each level shall implement the risk file management accordingly to their level;

2.1.2. Risk files are managed by the registration numbers regarding each specific risk at each level;

2.1.3. Risk files are saved in paper documents or data updated on computers;

2.1.4. Annually, risk management units at the General-department level shall inspect, assess the implementation of risk file utilization, management regime.

2.2. Applying risk files

2.2.1. Risk files are the results of identifying and assessing actual state of risks in customs management domains, including:

a. Identifying and describing all the risks existing in customs management domains;

...

...

...

c. Classifying, concentrating resources for handling the high risks; synchronously using as a basis for the acceptance of low risks and not serious risks.

2.2.2. Risk files provide instruments for detecting, selecting risks through:

a. Signs of risks described in the risk file;

b. Compounds of risk registration established on the basis of distinctive signs of risks.

2.2.3. Risk files are the bases for the application of risk handling measures

a. Based on the risk file, officers working on risk management shall propose on applying the following measures:

- Developing programs of risk managements by objectives, scope and extent of application;

- Developing and launching programs of voluntary observance;

- Conducting observance measurement and assessment;

...

...

...

+ Inspecting dossiers, inspecting goods during the customs clearance (via automatic systems or documents directing, guiding risk management);

+ Inspecting post-customs clearance;

+ Applying customs control measures to supervise, investigate or organize combat, prevention;

+ Developing and carrying out plans; collaborating with units within and outside the branch to implement plans on prevention, stopping;

+ Not applying incentive mechanism to objects (enterprises, organizations, individuals) or domains of high risks.

b. Based on the risk analysis, assessment results recorded in the risk file, officers working on risk management may offer operational requirements and orientation applying to handling measures for specific risks.

3. Monitoring, assessing, supplementing, adjusting, eliminating risk files

3.1. Monitoring, assessing

Regularly monitor, assess the application effectiveness; identify remaining risks after processing, detect new risks to timely adjust or supplement.

...

...

...

3.2.1. Adjusting the risk levels: increase, decrease;

3.2.2. Proposing on adjustment of appropriate risk handling measures;

3.2.3. Supplementing/removing new risks indicators in the risk compound;

3.2.4. Detecting, registering newly-identified risks;

3.2.5. Eliminating files for risks determined to be low or no longer exist;

3.2.6. Saving risk files in accordance with the prescribed mode to serve research, analysis of similar risks or to reuse.

4. Forms of the risk file

The compilation and management of risk files is implemented in accordance with the uniform forms in the entire branch, including:

4.1. Report on the risk file establishment: applied when establishing risk files to submit to competent leaders for approval.

...

...

...

4.3. Report on risk analysis, assessment results: to report the contents of risk analysis, assessment results.

4.4. Form of risk handling plan: applied when compiling and reporting the plans of risk handling.

4.5. Direction of signs of risks: applied to direct risks orienting risk analysis activities at operational units.

4.6. Report on risk assessment, monitoring results.

Part IV

ORGANIZATIONAL STRUCTURE, TASKS, AUTHORITY AND RESPONSIBILITIES FOR THE APPLICATION OF RISK MANAGEMENT IN ELECTRONIC CUSTOMS PROCEDURES

1. Risk management apparatus organizational structure

Including 02 levels: General Department and Sub-department of electronic customs:

1.1. At the General-department level: Team of customs inspection, control methods renovation of the Board of Renovation is the contact point directing the application of risk management in electronic customs procedures of the entire branch.

...

...

...

2. Tasks, authority and responsibilities at the General-department level

2.1. Tasks

2.1.1. To develop and carry out the master plan on the application of risk management;

2.1.2. To collect information, develop, consolidate database serving the application of risk management;

2.1.3. To develop, operate, improve the risk management system supporting the application of risk management;

2.1.4. To compile, update risk files at the General-department level;

2.1.5. To compile, manage, update sets of criteria at the General-department level;

2.1.6. To guide Sub-departments of Electronic Customs to compile risk files and update criteria at the Sub-department level under decentralization;

2.1.7. To inspect the implementation of the application of risk management at the Sub-departments of Electronic Customs;

...

...

...

2.1.9. To organize training, retraining in the application of risk management in the entire branch.

2.2. Authority

2.2.1. General Director of the General Department of Customs shall approve the master plan and decide the issues relating to the application of risk management in electronic customs procedures; approve sets of risk criteria at the General-department level.

2.2.2. Director of Anti-smuggling and Investigation Department shall review, establish, and approve risk files at the General-department level.

2.3. Responsibilities

2.3.1. The Department of Customs Renovation and Modernization:

a. To develop, counsel the General Director to approve programs, master plan applying risk management in electronic customs procedures;

b. To guide the implementation of the master plan on the application of risk management in electronic customs procedures;

c. To instruct, inspect, urge the application of risk management in electronic customs procedures;

...

...

...

2.3.2. The Anti-smuggling and Investigation Department:

a. To compile, manage, update risk management files at the General-department level applying to electronic customs procedures;

b. To coordinate with the Board of Renovation and Modernization to select and apply risk management criteria in electronic customs procedures;

c. To manage, operate, improve, and develop the risk management system so as to satisfy requirements of the operation of electronic customs procedures.

d. To coordinate with the Department of Information Technology and Customs Statistics to implement measures for ensuring the risk management system security and safety;

e. To completely implement the tasks on collection, processing of information and risk management in accordance with general provisions of Customs branch.

2.2.3. The Department of Post-Customs Clearance Inspection:

a. To analyze risks, establish criteria serving post-customs clearance inspection at the General-department level;

b. To coordinate with the Board of Renovation and Modernization to develop and implement programs, plans of post-customs clearance inspection serving the assessment of observance.

...

...

...

d. To coordinate with the Board of Renovation and Modernization, the Anti-smuggling and Investigation Department to exchange information on enterprises, ensuring to timely update information of the operation of enterprises.

2.3.4. The Department of Supervision and Management:

a. To analyze, assess risks in Customs supervision and management;

b. To compile, update the list of commodities by management groups and goods categories.

- List of goods banned from export, import in present (10-digit code);

- List of goods banned from export, import subject to line management (10-digit code)

- List of goods in accordance with CITES treaty and BASEL treaty;

- List of goods subject to the state quality inspection, food hygiene and safety inspection, animal and plant quarantine;

- List of goods difficult to categorize and likely to cause confusion when categorizing (10-digit code);

...

...

...

The above goods lists must be categorized by HS code (10-digit code) and be timely reviewed, adjusted and supplemented when being changed.

2.3.5. The Department of Inspection on Export-Import Duties Collection:

a. To analyze, assess risks in the inspection and collection of export-import duties;

b. To regularly synthesize, assess, make timely lists of goods with high risks of fraud acts on prices (10-digit code), propose methods, extent of management for these kinds of goods; to synthesize modes and tricks of tax frauds and send to the Board of Renovation and Modernization and the Anti-smuggling and Investigation Department to consider and apply risk management;

Centers of exported-imported goods analysis and categorization in the North, the Central Region, the South shall regularly synthesize, assess, make timely lists of goods likely to cause confusion of categorization, usually commit violations of quality, and send to the Board of Renovation and Modernization and the Anti-smuggling and Investigation Department to consider and apply risk management.

2.3.7. The Department of Information Technology and Customs Statistics:

a. To collaborate with the Board of Renovation and Modernization and the Anti-smuggling and Investigation Department to maintain and develop the risk management system so as to satisfy the operational requirements of electronic customs procedures.

b. To ensure the smooth and constant transmission/reception of online information; to ensure system security and safety;

c. To instruct, inspect the exploitation and utilization of the system; to sustain, maintain the computer system, and implement the network security and safety measures.

...

...

...

2.3.8. The Department of Financial Planing in collaboration with the Board of Renovation and Modernization and the Anti-smuggling and Investigation Department and the Department of Information Technology and Customs Statistics to propose on ensuring conditions of infrastructure, equipment and expenses serving the operational information collection, processing and risk management.

3. Tasks, authority and responsibilities at the Sub-department of Electronic Customs level

3.1. Tasks:

3.1.1. To implement the guidance relating to the application of risk management in electronic customs procedures of the General Department;

3.1.2. To collect information, to develop, consolidate database serving the application of risk management under decentralization;

3.1.3. On the basis of the master plan on the application of risk management, to develop programs, plans on the implementation of the general plan under decentralization;

a. Propose on the development, operation, improvement of the information system supporting the application of risk management;

b. Compile, manage, and update risk files at the Sub-department of Electronic Customs level;

c. Compile, manage and update criteria at the Sub-department of Electronic Customs level;

...

...

...

e. Organize training, retraining in the application of risk management within the Sub-department of electronic customs;

f. Implement other tasks directly managed by the Directors of the Departments of Customs of provinces, cities and allocated by the General Director of the General Department;

3.2. Authority:

Heads of the Sub-departments of Electronic Customs shall compile, update and approve risk classification criteria, risk assessment criteria, risk files at the Sub-department of Electronic Customs level.

3.3. Responsibilities

3.3.1. To apply risk management data of the General-department level to the selection of mediums for inspection, channeling of exported-imported goods and subjects of post-customs clearance inspection.

3.3.2. To compile, manage, update the risk files applied by Sub-department of Electronic Customs level in electronic customs procedures.

a. Compile the initial risk files in risk management at Sub-department of Electronic Customs level;

b. Weekly, on the basis of setting up situational contexts, identifying risks, analyzing risks, assessing risks, consider the amendment, supplement and approval of risk files at Sub-department of Electronic Customs level to ensure the suitability with the actual state of customs management;

...

...

...

3.3.3. To propose to create newly, remove, change, lock user account groups (Name and password), users, or user accounts belonging to the Sub-departments of Electronic Customs. To manage the use of user accounts in compliance with the risk management Regulation.

3.3.4. To preside over the management of criteria sets at Sub-department of Electronic Customs level:

a. Based law provisions, operational information analysis results of units, of the General Department and operational information provided by concerned units within and outside of the branch, review, assess, update risk classification criteria, risk assessment criteria at Sub-department of Electronic Customs level;

b. Implement the establishment, approval of risk classification criteria, risk assessment criteria on the system; synthesize, assess at Sub-department of Electronic Customs level.

3.3.5. To assess the effectiveness, adjust the application of risk management:

a. Monthly, before the day of 23rd, report the operational information synthesis, analysis and assessment results and feedbacks on the effectiveness of the application of risk management; compare with the risk extent classification of each of the criteria, the criteria selection methods, the amount of selected criteria;

b. Based on the actual situation, proactively propose, amend, supplement or replace risk management criteria, adjust selection methods, risk classification criteria, risk assessment criteria.

Part V

ORGANIZATION OF IMPLEMENTATION

...

...

...

2. The Directors of the Departments of Customs of provinces, cities shall bear responsibility for leading, allocating units belonging to or directly under such Departments to coordinate with the Sub-departments of Electronic Customs to implement the application of risk management in electronic customs procedures.

3. The Directors of Departments, heads of units belonging to the General Department agencies are responsible for coordinating with the Board of Customs Renovation and Modernization to implement their allocated tasks as prescribed in this Regulations.

4. Units, individuals violating provisions of this Regulation shall be sanctioned in accordance with branch and law provisions.

This Regulation takes effect from the date of its promulgation. The units shall report difficulties and obstructions arising during the implementation to the General Department for guidance or timely amendment, supplement./.