Supply Chain Security: Actions Needed to Improve CBP Management of the Customs Trade Partnership Against Terrorism Program

What GAO Found

U.S. Customs and Border Protection (CBP) has implemented the Customs Trade Partnership Against Terrorism (CTPAT) program as part of a layered, risk-informed approach to supply chain security. CTPAT provides private companies in the supply chain with certain benefits (e.g., reduced cargo inspections or expedited processing) in exchange for voluntary adherence to additional security requirements. CBP monitors CTPAT participants' involvement in security incidents, such as smuggling cargo that contains narcotics, which could result in participants' suspension or removal from the program.

According to CBP data, about 4 percent of CTPAT program participants were involved in one or more security incidents. Specifically, 480 CTPAT program participants were involved in approximately 2,200 security incidents (about 1 percent of all incidents) in the cargo supply chain in fiscal years 2020 through 2024. The most common type of security incident that participants were involved in were drug-related, accounting for just under 50 percent of all incidents. However, CBP does not collect complete data on security incidents involving program participants, such as on incidents self-reported by participants. Ensuring data on CTPAT security incidents are complete and consistent would position CBP to better identify and understand possible risks to the cargo supply chain.

Customs Trade Partnership Against Terrorism (CTPAT) Participant Involvement in Security Incidents That Occurred in the Cargo Supply Chain, Fiscal Years 2020-2024

Note: These data are estimates. While GAO determined that these data are sufficiently reliable to report approximate numbers, limitations in these data exist. For more details, see GAO-26-107893. The total number of CTPAT participants is as of August 2025.

CBP did not consistently investigate security incidents involving CTPAT participants or take enforcement actions against them. For example, GAO found several cases where CBP documented that they would not investigate a security incident involving a program participant and did not take enforcement action against them, but did not explain these decisions. In one instance, CBP did not take enforcement action against a participant involved in a security incident in 2021. This same participant was subsequently involved in dozens of additional incidents before it was suspended 2 years later. Without clear, documented decision criteria to determine appropriate enforcement actions against CTPAT participants involved in security incidents, CBP risks leaving the nation and supply chain vulnerable to additional security incidents.

Why GAO Did This Study

The U.S. economy depends on the quick and efficient flow of millions of tons of cargo each day throughout the global supply chain. However, U.S.-bound cargo can present security concerns, as there is a risk that terrorists could use cargo shipments to transport a weapon of mass destruction or other contraband into the U.S.

The Customs Trade Partnership Against Terrorism Pilot Program Act of 2023 includes a provision for GAO to assess the effectiveness of the program. This report examines (1) the number and types of security incidents that occurred in the cargo supply chain in fiscal years 2020 through 2024 and the extent to which CTPAT participants were involved; (2) enforcement actions against CTPAT participants involved in security incidents during this timeframe; and (3) the extent to which CBP meets certain statutory requirements in its management of the CTPAT program.

GAO analyzed CBP data on CTPAT participant involvement in security incidents and CTPAT's enforcement actions against these participants in fiscal years 2020 through 2024. GAO also reviewed CBP procedures for addressing program participant involvement in security incidents and interviewed CBP headquarters officials.