Authorised Economic Operator Criteria - Record Keeping
Information on Authorised Economic Operator Criteria - Record Keeping.
HMRC will look at the business applying for Authorised Economic Operator (AEO) and, having considered various factors (such as size and complexity of the business, what type of authorisation is being applied for and if any customs authorisations are currently held), establish if the applicant has a satisfactory system of managing commercial and, where appropriate, transport and logistical records.
In order to satisfy HMRC that the business has a satisfactory system, they will need to:
- maintain an accounting system which is consistent with generally accepted accounting principles and which provides a full audit trail of customs activities which facilitate audit-based customs control
- allow HMRC physical and/or electronic access to customs and, where appropriate, transport and logistical records
- have a logistic system which distinguishes between goods subject to customs controls and those in free circulation. (not applicable in the case of security and safety AEO authorisations)
- have an administrative organisation which corresponds to the type and size of business and documented procedures to control and manage the flow of goods
- have internal controls capable of detecting illegal or irregular transactions
- have satisfactory procedures in place for the handling of licences and authorisations connected to commercial policy measures
- have satisfactory procedures in place to archive and retrieve records and information, and also for protection against the loss of information or data
- ensure that employees are made aware of the need to inform the customs authorities whenever compliance errors arise immediately and establish suitable contacts to inform the customs authorities of such occurrences
- where appropriate, have robust procedures for verifying the accuracy of customs declarations submitted on their behalf by third parties
- have appropriate information technology security measures in place to protect computer systems from unauthorised intrusion and to secure documentation and data
A complete audit trail will allow tracking of operational activities from the flow of goods and products coming in, being processed, and leaving the business. A complete audit trail also maintains a historical record that enables businesses to trace a piece of data from the moment it enters the data system to the time it leaves.
The audit trail should include:
- sales
- purchases and purchase orders
- inventory control
- storage (and movements between storage locations)
- manufacture
- sales and sales orders
- customs declarations and documentation
- shipping
- transportation
- accounting, for example, invoicing, credit and debit notes, remittances/ payments
An accounting system would normally include:
- general ledger
- sales ledger
- purchase ledger
- assets
- financial statements (balance sheet, income statement, statement of cash flows and statement of stockholders equity)
- management accounts
The logistical system would normally include:
- sales order processing
- purchase order processing
- manufacture
- inventory – storage, warehousing
- shipping/transport
- supplier/customer lists
Registration procedures should include, before and during the arrival of goods:
- purchase ordering procedures
- confirmation of order
- shipping/ transport of goods
- supporting documentation requirements
- transport of goods from the frontier to the applicant and their customers’ premises
- receipt of goods at the applicant’s or their customers’ premises
- payment/settlement
- how, when and by whom goods are entered into the stock record
During the storage of goods
If the business stores goods, procedures should include:
- a clear assignment of a location for storage of the goods
- safe storage of dangerous/hazardous goods
- whether stock is recorded by value and/or quantity / under and over shipments
- existence and frequency of stocktaking
- if a third party’s premises is used to store goods, arrangements including reconciliation between the applicants and third party’s stock record
- If a temporary location is used to store the goods
During the manufacturing process of goods
If the business manufactures goods, procedures should include:
- raising the works order
- requisitioning of stock items and delivery from storage
- manufacturing process, staff responsibilities, and records maintained
- recording the manufactured product and unused stock in the stock records
- use of standard manufacturing methods in the production
During the shipping process of goods
If the business ships goods, procedures should include:
- receiving customer order and raising works or purchase order
- informing the warehouse of the sale order/ release of the goods
- instructions to third party if goods stored elsewhere
- picking
- packing procedures
- how, when and by whom the stock records are updated and checked
Checking and quality control procedures should include:
- reconciliation between purchase order and goods received
- arrangements for returning/rejecting goods
- arrangements for accounting and reporting short and over shipments
- arrangements for identifying and amending wrong entries in the stock record
- identification of non-UK goods within the system
During the storage of goods
Checking and quality control procedures should include:
- recording and controlling the stock
- identifying UK and non-UK goods (not appropriate for AEOS)
- movement and recording of goods between locations within the same premises or different sets of premises
- arrangements for dealing with breakages, deterioration or destruction of goods, losses and stock variations
During the manufacturing process
Checking and quality control procedures should include:
- monitoring and management controls of the manufacturing process, for example, rates of yield
- how to deal with irregularities, variations, waste, by-products and losses in the manufacturing process
- quality inspection of manufactured goods and recording of results
- safe disposal of hazardous goods
During the shipping process of goods
Checking and quality control procedures should include:
- despatch/ collection notes
- transport of goods to customers or to the frontier for (re-)export
- raising sales invoices
- instructions to agent for (re-)exports and raising/availability/control of supporting documents
- acknowledgement of receipt/evidence of shipment of goods
- returned goods – inspection, counting and recording in stock
- payment and credit notes
- dealing with irregularities, short shipments and variations
Customs routines, where applicable, should have satisfactory procedures in place for the handling of licences and authorisations granted in accordance with commercial policy measures. Businesses should make sure that relevant employees are instructed to inform the customs authorities immediately whenever compliance irregularities are discovered. There should be documented procedures for verifying the accuracy of customs declarations in place, including those submitted on behalf of the business.
Importers, exporters, warehouse keeper’s procedures should include:
- how the completeness, accuracy and timeliness of customs declarations made by the business is checked including performing management checks
- presentation or availability of supporting documentation
- up to date details (names and addresses) of customs agents/ third parties used
- how customs agents are appointed, for example, the credibility and suitability checks the business perform before they appoint them
- the circumstances when they are used
- contracts detailing responsibilities, including the type of representation by customs agent, for example, direct, indirect
- how clear instructions are provided to the agent
- how the business provides supporting documents (for example, licenses, certificates etc) to a customs agent, including presentation and retention/return
- what the customs agent should do if the instructions are unclear
- checking/verification of the accuracy and timeliness of the appointed customs agent’s work
- how they notify their customs agent of any errors/amendments regarding cleared entries
- dealing with irregularities
- voluntary disclosures of errors to Customs as soon as they are identified
If a business contracts a customs intermediary to submit declarations on their behalf, they are required to have procedures which detail:
- contracts detailing responsibilities, including the type of representation to be used, for example, direct, indirect
- checking direct representation clients have a physical presence in the UK. A GB EORI is not proof of establishment in the UK
- how the business ensure the completeness, accuracy and timeliness of customs declarations they make, including performing management checks
- prompt presentation or availability of supporting documentation
- how staff are aware of customers’ and contract requirements
- what to do if the customers’ instructions are unclear or the details provided are wrong
- what to do if errors are discovered/amendments regarding cleared entries
- voluntary disclosures of errors to HMRC as soon as they are identified
- training and updating on customs and international trade matters for all staff
If the business trades in goods that are subject to economic trade licences, there should be appropriate procedures in place for the handling of these licences and authorisations. These procedures should be reviewed regularly, with any changes being documented and the affected staff being notified.
Where applicable, satisfactory procedures should be put in place for the handling of import and export licenses connected to prohibitions and restrictions (such as embargos, dangerous goods etc), including measures to distinguish goods subject to prohibitions or restrictions from other goods and measures to ensure compliance with those prohibitions and restrictions.
There should be satisfactory procedures in place for archiving records and information and for protection against the loss of information.
Procedures should include details on what kind of media the data is stored, in which software format the data is stored and whether the data gets compressed and at what stage. If a third party is used, indicate the arrangements, the frequency and location of any back-up and archived information.
There should be appropriate security measures in place to protect computer systems from unauthorised intrusion and to secure documentation, for example the use of firewall, antivirus programme, password protection.
Actions businesses should consider:
- an updated safety plan describing the measures in place protecting the computer system from unauthorised access as well as deliberate destruction or loss of information
- details of whether multiple systems at multiple sites are operated and how they are controlled
- who is responsible for the protection and running of the company’s computer system (responsibility should not be limited to one person only but to several persons who are able to monitor each other’s actions)
- details of firewalls, anti-virus and other malware protection
- a business continuity/ disaster recovery plan in case of incidents
- back-up routines including restoration of all relevant programmes and data following the disruption due to a breakdown of the system
- logs where each user and their actions are recorded
- whether the vulnerability management of the system is done periodically and by whom
Access rights procedures should include:
- how authorisation for access is issued and the level of access to the computer systems (access to sensitive information should be limited to staff who are authorised to apply changes and additions to the information)
- the format for setting passwords, frequency of changes and who issues passwords
- removal, maintenance and updating of user details.
Businesses should ensure actions have been taken in order to protect information/ documents from unauthorised access, abuse, intended destruction and loss (for example, restricted access rights, creation of electronic backup, clear-desk policy).
Actions should normally include:
- recording and back-up of documents and limiting access
- an updated safety plan describing the measures in place to protect documents from unauthorised access as well as their deliberate destruction or loss
- the filing and safe, secure storage of documents including responsibilities for their handling
- dealing with incidents which compromise document security
- testing of systems against unauthorised access and recording the results
- business continuity/ disaster recovery plan
- documented remedial action taken as a result of any actual incidents if applicable