Risk management and legal nature of the AEO
The risks management is the pillar of the internal compliance systems linked to the AEO status. According to the “Authorised economic operator-guidelines” TAXUD/B2/047/2011 –Rev.6 an AEO must focus on processes, management of risk, internal controls and measures taken to reduce risks.
The AEO approach, based on the risks management, should include a regular review of processes (directly or indirectly impacting on the customs obligation), controls and, measures taken to reduce or mitigate risks related to the international movement of goods.
In particular, internal control is the process implemented by the AEO to prevent, detect, and address risks in order to assure that all relevant processes are adequate. In other words, a company that has not implemented any internal control system or there is evidence that the system is performing poorly is, by definition, at risk.
The Authorised economic operator-guidelines underline that “ For an AEO, this means that the economic operator has to set out clearly in its policies/strategies the objectives of being compliant with customs rules and of securing its part of the supply chain according to its business model” and list the main steps of the risks management:
– a continual cycle of identifying needs or requirements, – evaluating the best means for complying with the requirements,
– implementing a managed process for applying the selected management actions, – monitoring the performance of the system,
– maintaining evidence of the application of processes used to meet business objectives, and identify functional or business improvement opportunities, including reporting mechanisms on gaps, incidental mistakes and possible structural errors;
– define the responsible person or, depending on its size and complexity, a unit responsible for carrying out risk and threat assessment and for putting in place and evaluating the internal controls and other measures.
Moreover, it is important to add that the risks management is the main approach to manage and comply with other regulations whose infringement can impact on the reliability of the AEO (e.g: the decree n.231/2001, as confirmed by the Italian customs reform, on the the corporate liability of legal entities in Italy covers, among others, the crime customs, VAT and excise sanctions like smuggling).
The role plaid by the risks management helps us to go deep with the analysis of the legal nature of the AEO authorization.
In particular, the AEO status represents an accidental and non-mandatory element of the customs obligation. This is given by the authorization which is the unique customs decision able to “defining and qualifying” its owner. Indeed, in this way the economic operator becomes reliable within the context of a participatory cooperation relationship with the customs administration.
The AEO authorization is an administrative deed released by the national customs entity/bodies in accordance with the EU regulations. This is valid throughout the EU customs territory and, if a mutual recognition agreement is valid, also with third countries; furthermore, despite being regulated in customs regulatory acts, it is important to highlight that it constitutes an authorization based on an overall evaluation of the structure and functioning of the object being requested. It therefore has an all-encompassing nature of the business complexity; the “complexity” covers all the processes which directly or indirectly impact on the compliance of the customs obligation.
Specifically, the AEO requires a number of checks, centered on the audit, including, as above mentioned, not only the purely customs aspects (such as the management of the symptomatic elements of the customs debt) but also the structural and subjective aspects of the applicant which are substantiated in the possession of certain criteria in terms of the ability to control, monitor and react to the corporate structure in relation to the occurrence of harmful or potentially harmful events; in other words, the holder of the aforementioned authorization must demonstrate an adequate ability to control and correct his activities together with other requirements indicated by EU legislation and, in any case, attributable to the criterion of qualified care.
This authorization is, especially, based on the participatory cooperation between the economic operator and the customs body.
The latter figure, in fact, is reliable because it owns an authorization that qualifies the economic operator as having an all-encompassing, global reliability based on its own qualified care which, in turn, requires continuous monitoring of the corporate functions of greater importance and constant attention to regulatory changes that impact corporate business; the development of the circular economy, of EU regulations such as the carbon border adjustment mechanism, the greater control powers regarding environmental sustainability are just some of the examples of legislation and legislative policies that must be taken into consideration in order to avoid damaging the criterion of compliance with customs legislation. In other words, the AEO is based on monitoring also characterized by knowledge of the legislation since its own qualified diligence requires adequate and qualified knowledge with respect to the commercial activities of the economic operator.
On the other hand the qualified care typical of the AEO represents not only a behavioral standard for the owner but even a characterizing element of the customs decision in question since it summarizes, in a transversal way, all the criteria envisaged by the article 39 UCC.
Finally, it is worth highlighting the following points of attention for, hopefully, an ongoing doctrinal and operational debate:
- The AEO must be considered as a tool to simplify customs operations regardless of the size of its owner. Therefore, it would be interesting for the legislator to provide general facilitative rules for “small” and “medium” businesses, thus guaranteeing greater understanding of the institution;
- The AEO is an authorization characterized by continuous monitoring which must be written, tracked and capable of providing solutions to problems that emerge from risk management in the company;
- The AEO, due to its legal nature must adapt its architecture to the development of legislation; for example, it could be interesting to recall again the CBAM regulations and deforestation due diligence;
- The legal nature of the AEO must be taken into consideration for the sanctioning aspects and for the management of administrative processes;
- The reliability of the AEO must be based on the demonstration of adequate diligence which in turn is expressed in all the aspects indicated by the SAQ questions.