Customs controls: insufficient harmonisation hampers EU financial interests
About the report:
Within the EU Customs Union, uniform application of customs controls by Member States is necessary to prevent fraudulent importers from targeting border entry points with a lower level of controls. The Union Customs Code requires the Commission to take the necessary action to ensure Member States apply customs controls uniformly. To achieve this objective, the Commission recently adopted the Financial Risks Criteria and Standards Implementing decision. This is accompanied by guidance endorsed by the Member States. These two documents together make up the customs financial risk framework.
In this audit we assessed whether the above decision and related guidance developed by the Commission for application in the Member States were designed in a way that ensured harmonised selection of import declarations for control, and how Member States were implementing them.
We concluded that implementing the new customs financial risk framework is an important step towards uniform application of controls. However, the framework is not designed well enough to ensure that Member States select controls in a harmonised way. In addition, Member States implement the above decision and guidance in different ways.
We make recommendations to the Commission to enhance the uniform application of customs controls, and develop and implement a fully-fledged analysis and coordination capacity at EU level. Making progress will require the support and, where necessary, the approval of the Member States.
ECA special report pursuant to Article 287(4), second subparagraph, TFEU.
I. The EU Customs Union was created more than 50 years ago. In the area of customs, the EU has exclusive competence to adopt legislation, while Member States are responsible for implementing it, including customs controls. The Member States’ customs authorities play a key role in balancing the need to facilitate trade, with faster and seamless import procedures, and the need to apply customs controls. Customs duties collected in 2019 amounted to €21.4 billion, representing 13 % of EU budget revenue.
II. Uniform application of customs controls by Member States is necessary to prevent fraudulent importers from targeting border entry points with a lower level of controls. The EU’s main customs legislation, the Union Customs Code, requires the Commission to take the necessary action, starting in 2016, to ensure Member States apply customs controls uniformly. Pursuing this objective, the Commission in 2018 adopted the Financial Risks Criteria and Standards Implementing decision (the “FRC decision”) in order to harmonise Member States’ selection of imports for controls. This Decision is accompanied by guidance, endorsed by the Member States in 2019. These two documents (the FRC decision and the guidance) together make up the customs financial risk framework. We decided to carry out this audit in the light of the introduction of this new regulatory framework.
III. We assessed whether the above framework developed by the Commission for application in the Member States was designed in a way that ensured harmonised selection of import declarations for control, and how Member States were implementing this framework. Implementing the FRC decision and guidance is an important step towards uniform application of customs controls. However, the framework is not designed well enough to ensure that Member States select controls to make on import declarations in a harmonised way. In addition, Member States implement the framework in different ways.
IV. The FRC decision does not define the concept of risk well and is insufficiently detailed. We also found that the framework lacks important features, such as: an EU-wide analysis, based on data from all EU imports; appropriate data-mining techniques; and appropriate methods to address financial risks for imports resulting from e-commerce. In addition, the framework does not provide adequate arrangements for monitoring and reviewing its application.
V. The Member States have started to implement the Commission’s framework, mostly by mapping the criteria they previously used for targeting suspect imports (“risk profiles”) to the corresponding criteria from the decision. However, for the Member States visited, implementing the FRC decision has not significantly changed their control selection procedures. We found that Member States did not interpret risk signals in the same way, resulting in different criteria for selecting imports for control. We also found that Member States shared only very limited information with one another on importers assessed as risky. This hampers effective and harmonised control selection procedures.
VI. Under the framework, Member States may reduce the number of recommended controls resulting from their risk analysis to a level that is feasible based on their resource constraints. We noted that Member States did not apply similar procedures for reducing the number of controls, leading to different national practices to address similar risks. We also found that some Member States did not subject all declarations to an automated risk analysis as required by the FRC decision.
VII. We make recommendations to the Commission to enhance the uniform application of customs controls, and develop and implement a fully-fledged analysis and coordination capacity at EU level.
The Customs Union is important for EU trade and revenue
01. In 2018, the EU celebrated the 50th anniversary of the Customs Union. The Customs Union is based on the elimination of customs duties and other restrictions on commerce between participating countries, and the establishment of common customs duties on imports from third countries. This is an area of exclusive EU competence[1], where the EU defines most customs policy and adopts customs legislation. However, responsibility for implementing customs legislation lies primarily with the Member States[2], and includes collecting customs duties for the EU and applying customs controls.
02. The EU is dependent on the efficient flow of goods into and out of the Customs Union. According to the latest available statistics[3], the EU’s imports and exports combined were worth approximately €4 trillion in 2019 (representing around 25 % of the EU’s GDP). This demonstrates the impact of international trade on the EU’s economic activity, and the importance of the Customs Union. Figure 1 shows the most important countries of origin of the EU’s imports and the main goods imported.
03. In addition, customs duties on imports are an important source of EU budget revenue, amounting to €21.4 billion (13 % of the total) in 2019. Figure 2 shows the 2019 values of the Member States’ imports, the duties they made available to the EU budget and the 20 % they retained to cover their collection costs.
Risk analysis and uniform application of customs controls are essential for effective collection of import duties
04. Member States’ customs authorities are responsible for collecting customs duties, excise duties and value added tax (VAT) due at import. They also pursue several other objectives, such as improving internal EU security, protecting the EU from unfair and illegal trade, and protecting the environment. The fight against terrorism has become a priority for customs authorities.
05. It is a challenge for customs authorities to strike a balance between the need to facilitate trade with faster and seamless import procedures and the need to apply customs controls, taking into account the resources available in their country. In a previous audit[4] we found that there is a disincentive for Member States to carry out customs controls. This is because Member States which perform customs controls often end up bearing the financial consequences of their action if they do not succeed in making recoveries from importers. Member States which do not carry out such controls may not suffer any negative consequence. To optimise their activities, importers may favour points of entry with fewer customs controls.
06. The Union Customs Code (UCC)[5] defines “risk”[6] as “the likelihood and the impact of an event occurring (…), which would: (a) prevent the correct application of Union or national measures; (b) compromise the financial interests of the Union and its Member States; or (c) pose a threat to the security and safety of the Union and its residents, to human, animal or plant health, to the environment or to consumers”. Financial risks are those compromising the financial interest of the EU and its Member States.
07. The World Customs Organization (WCO) indicates in its risk management compendium that, to determine the level of risk, an analysis of the likelihood and the potential consequences and magnitude should be carried out[7]. Risk analysis is defined as the “systematic use of available information to determine how often defined risks may occur and the magnitude of their likely consequences”. It plays a key role in assessing how to allocate customs authorities’ scarce resources in order to maximise coverage of risks, including financial ones, with customs controls.
08. Customs controls can vary in terms of:
- timing: (pre-)release controls are applied before import clearance, while post-release controls come afterwards, which means that they are less disruptive to trade flow;
- type: documentary controls cover the correctness, completeness and validity of the customs declarations, while physical checks also involve examining the goods themselves, including counting them and taking samples to check whether they match the customs declaration.
09. Each Member State has its own process for managing risks in the area of customs, based on specific characteristics and depending on several inputs. However, in general, the processes follow the scheme presented in Figure 3.
10. In previous years we have, on several occasions, identified significant risks and problems related to customs controls. We concluded that the UCC’s predecessor, the Community Customs Code (CCC)[8], gave Member States excessive discretion in their post-clearance audit strategy[9]; that a level playing field between EU ports was lacking[10]; and that non-uniform application of customs controls by Member States allowed fraudulent operators to target specific border entry points[11]. The Commission, in its reply to our observations, stated that the common EU criteria and standards for financial risks would address the weaknesses we had identified. These were under preparation at that time. Statistics collected by the Commission show that the level of controls currently varies significantly between Member States: from less than 1 % of import declarations in some countries to more than 60 % in others, as Figure 4 shows.
11. Undeclared and wrongly declared imports that have escaped customs controls generate a “customs gap” – the difference between the actual import duties collected and the amount that, theoretically, should have been collected[12]. For example, a recent case of fraud in the United Kingdom, which failed to take adequate measures to mitigate the risk of undervaluation of textile and shoe imports, resulted in potential losses of customs duties that the Commission calculated (and entered in the EU accounts) at €2.7 billion for November 2011 - October 2017.
12. In 2017, we recommended[13] that the Commission, together with the Member States, should estimate the customs gap, but no such estimation has ever been carried out. In addition, the 2019 annual activity report of the Commission’s Directorate-General for Budget (DG BUDG) contained a reservation concerning the inaccuracy of traditional own resources (TOR) amounts transferred to the EU budget. This reservation covered the United Kingdom case and unquantified potential TOR losses in other Member States. Any gap in customs duties’ collection must be compensated by higher Gross National Income (GNI) contributions from Member States and ultimately borne by European taxpayers.
Uniform application of customs controls is a legal requirement
13. The UCC, which entered into force in May 2016, made the uniform application of customs controls a legal requirement, specifying that the Commission is responsible for establishing common risk criteria and standards. Accordingly, after consulting the Member States, the Commission adopted an implementing decision in May 2018 laying down specific requirements for the management of such risks: the Financial Risks Criteria and Standards Implementing Decision (the “FRC decision”)[14]. This is an EU restricted document. The decision gave Member States some additional time to ensure that the requisite electronic data-processing techniques were in place. This is the first time that common risk criteria and standards to tackle financial risks have been set in a legally binding Implementing Decision.
14. The FRC decision aims to harmonise Member States’ procedures for risk analysis and selection of imports for controls[15]. It does not cover procedures for applying controls, nor the quality and results of controls (see Figure 5).
15. In addition, the Commission (Directorate-General for Taxation and Customs Union (DG TAXUD)) and a working group made up of representatives from national customs authorities prepared a guidance document to complement the FRC decision. This guidance, which was finally endorsed by Member States in December 2019, is also an EU restricted document. It is not legally binding and therefore not enforceable. These two documents (the FRC decision and the guidance) together make up the framework developed by the Commission, in cooperation with the Member States, to establish the common financial risk criteria and standards required by the UCC.
16. In July 2019, the von der Leyen Commission expressed the intention to strengthen the Customs Union, in particular with “a bold package for an integrated European approach to reinforce customs risk management and support effective controls by the Member States”[16]. In September 2020, DG TAXUD presented a plan for action to enhance the functioning of the Customs Union[17]. This was after the end of our audit.
Audit scope and approach
17. We decided to carry out this audit in the light of the new regulatory framework (see paragraphs 13-15). Our audit covered the Commission’s establishment of common financial risk criteria and standards, and the way Member States were implementing these criteria and standards. We analysed whether the framework (FRC decision and guidance) developed by the Commission for implementation in the Member States ensured uniform application of customs controls to safeguard EU financial interests. To this end, we assessed whether the framework was adequate and how Member States were using their risk management systems to select import declarations to control. We examined all the steps leading up to the selection of import declarations to control and the follow-up of those controls. The audit scope did not include the quality of the customs controls and their results.
18. We compared the Commission’s framework with relevant international standards and good practice (i.e. those of the WCO[18] and International Organization for Standardization (ISO) 31000:2018 Risk management – Principles and guidelines), in order to assess its suitability for ensuring uniform application of customs controls. We also examined whether the Commission had sufficient monitoring, review and reporting arrangements.
19. We visited the customs authorities of five Member States, and assessed how their risk management systems were using the common financial risk criteria and standards for selecting customs controls. We selected these Member States taking into account a combination of two criteria: the amounts of customs duties collected and our own qualitative risk assessment. We also analysed whether Member States’ procedures were leading to uniform application of customs controls. In addition, we sent a questionnaire to the customs authorities of all EU Member States to collect information on their perceptions regarding the current level of customs control harmonisation. All 27 Member States replied to the questionnaire. We asked their views on the adequacy of the framework, and the degree to which they had implemented the common financial risk criteria and standards.
20. The audit visits took place between October 2019 and January 2020, after the deadline set in the FRC decision for Member States to ensure that the requisites for using the criteria in the automated risk analysis were in place. During this period, the guidance document, containing the technical elements needed to implement the FRC decision, was under discussion and therefore not yet applicable in Member States. It was formally endorsed in December 2019.
The risk management framework has weaknesses
The FRC decision does not define the concept of risk well
21. We found weaknesses in the definition of the concept of risk in the FRC decision. This may lead to situations where Member States’ customs authorities do not prioritise controls on imports that pose a high risk to the EU’s financial interests.
The rules for Member States are not sufficiently stringent
22. The UCC lists the requirements of the common risk criteria and standards that should be applied in Member States (see Box 1).
The common risk criteria and standards
According to the UCC[19], the common risk criteria and standards should include the following:
- (a) the description of the risks;
- (b) the factors or indicators of risk to be used to select goods or economic operators for customs controls;
- (c) the nature of customs controls to be undertaken by the customs authorities;
- (d) the duration of the application of the customs controls referred to in point (c).
23. The FRC decision lists a number of financial risk criteria and risk indicators to be used by Member States in the control selection. The criteria referred to in the FRC decision are the risk areas to be tackled uniformly by the Member States. A risk indicator is a specific data element or information relating to the presence of a risk. In general, a specific risk is established on the basis of a combination of risk indicators.
24. We found that the indicators do not have sufficiently stringent rules for activating the controls, allowing Member States to use them in different ways. This is because the description of risk criteria does not specify the circumstances that should activate an indicator and thereby lead to selection. This has an impact on the risk profiles, which are a combination of criteria that, when applied to a customs declaration, can generate a recommendation for control - see Figure 3. The risk profiles may contain different activation criteria in different Member States, meaning they do not ensure harmonised selection of declarations for control. Furthermore, as the list of risk indicators presented for each criterion is not compulsory, the Member States have the discretion to use them (individually or in combination) as they wish.
25. The FRC decision does not lay down specific rules on the nature and duration of customs controls. It leaves it up to the Member State customs authorities to decide on the control or verification measure to take. In addition, it does not specify how to use risk criteria and indicators to select declarations (or companies to be audited) for post-release controls.
26. The guidance aims to provide a common interpretation of the FRC decision. It contains a description of the risk areas and specifies how to combine the different indicators to identify the overall level of risk. It also includes some qualitative indications on how to assess risk indicators. However, it lacks in-depth descriptions with quantifiable indicators for Member States’ customs authorities to use in their risk analyses. For example, while it gives some examples of how Member States could identify a risky trader or “economic operator of interest”, it does not prescribe a precise methodology to ensure all Member States define this risk indicator in the same way.
27. The FRC decision allows Member States to decide on ways to reduce the number of controls to a level that is manageable based on the resources they have available. It refers to this possibility as “impact management”. The FRC decision provides for ways in which Member States can do this. Such impact management methods are typically applied when preparing a risk profile, using estimates by a risk analyst (see also Figure 3).
28. The FRC decision does not set any limits on impact management and therefore gives Member States significant discretion in reducing the number of controls. For several risk criteria, the guidance indicates situations in which the number of controls should not be reduced, or only reduced if the reasons are clearly explained. Nevertheless, even where controls should not be reduced, the guidance document allows exceptions, without defining such cases specifically.
29. In addition to impact management, customs authorities may decide not to perform the controls recommended by the automated system. This is known as “overriding” the recommendation (see also Figure 3). The FRC decision does not lay down sufficient rules to ensure consistency in overriding. The guidance recognises the Member States’ practice of overriding control recommendations. It suggests that overrides are not desirable in high-risk cases, and that all cases should be documented and explained. No specific indication is provided on when overriding is acceptable.
The framework lacks important features of an effective risk management system
30. The UCC, the WCO’s risk management compendium and the ISO 31000 indicate the principles and features that should be present in a customs risk management system. We found that the EU framework did not contain the following key features of an effective risk management system:
- risk analysis at EU level;
- data mining (at both EU and Member State level);
- harmonised approach to random selections of declarations for control;
- platforms to exchange information on all risky importers;
- appropriate methods of tackling financial risks linked to imports from e-commerce (high number of low-value import declarations).
31. Different risks may be better identified and addressed at either national or EU level, and an effective risk management framework should deal with them at the level that is most suitable. As the EU operates as a Customs Union (where importers are free to choose their place of import), an EU level analysis would be more appropriate to identify and tackle EU-wide risks. As the WCO points out, risk assessment/targeting centres enable customs authorities to identify in a dynamic manner the transactions most likely to be non-compliant, thus allowing them to respond more effectively to the highest-risk situations[20].
32. According to the FRC decision, it is the Member States’ responsibility to carry out risk analysis and take all decisions on the relevance of EU and national data for the purposes of their own risk management systems. While risk assessment centres are often established at national level, the EU has not created an operational centre to address financial risks at EU level. In its customs action plan of 28 September 2020 (see paragraph 16), the Commission acknowledged the need to introduce an EU level of data analytics to reinforce the whole structure.
33. Data mining is the process of discovering interesting and useful patterns and relationships in large volumes of data. Both ISO 31000[21] and the WCO highlight the importance of data mining in the risk-management process. Data mining is more effective when more data is available. However, the framework does not include the requirement to conduct an EU-wide analysis based on data from all EU imports. The Commission has not systematically conducted such analyses to detect financial risks in customs. It has started a pilot project, known as “Joint analysis capacity” (JAC), to carry out data analysis at EU level. As described in Box 2, the JAC project was a positive initiative but was limited in terms of scope, capacity and outputs.
JAC pilot project
Following recommendations by the ECA[22] and the European Parliament, DG BUDG, DG TAXUD and OLAF, the EU’s anti-fraud office, set up the JAC pilot project to analyse trade flows. Its scope was limited to the analysis of imports of certain products, giving rise to eight EU Risk Information Forms (RIF) (see paragraph 53) in 2019. The Commission expected Member States to create or update risk profiles on this basis. The follow-up of the outcome of these RIFs is ongoing.
In September 2020, the Commission published a customs action plan (see paragraph 16) in which it proposed to launch an EU “Joint Analytics Capabilities” initiative. This initiative will focus initially on exploiting data already available and develop appropriate governance solutions.
34. The FRC decision does not require Member States to use data mining techniques in their risk analysis. The guidance mentions this possibility, without identifying a clear methodology. A third of the Member States replied to our questionnaire that the EU framework on financial risks did not take sufficient account of advanced data analysis techniques (i.e. data mining). Two of the visited Member States created risk profiles resulting from investigations using data mining (using information mostly stemming from national databases). These profiles were highly effective in detecting irregularities. However, the other three visited Member States did not use these techniques in their risk assessment.
35. Of the declarations not selected automatically using risk profiles, Member States randomly select a certain percentage for control. Such random selection is key to ensuring an effective control framework, including by identifying new, undetected risk signals[23]. The FRC decision stresses the importance of random checks, but does not include any rules to harmonise the proportion of imports Member States select or the method they apply. The guidance does not provide any additional instructions on how Member States should apply random selection.
36. The existing platform, Customs Risk Management System (CRMS), is not well adapted for Member States to share information systematically with one another on risky importers. Therefore, each Member State only has information on those importers that it has itself assessed as risky. As importers can easily change the location where they clear imports, importers deemed risky in one Member State can instead clear imports in other Member States where they are not, thereby avoiding controls.
37. E-commerce[24] poses a challenge for customs risk management. Because it involves a high volume of low-value transactions, applying controls to each individual import declaration (each individual parcel requires a customs declaration) is not cost-effective. However, the risk of irregularities is likely to be significant, and the high number of such imports means the impact on the EU’s financial interests would be considerable. The framework established by the FRC decision and guidance does not take sufficient account of this phenomenon: risk profiles are applied to each transaction (import), and Member States can use impact management to reduce the number of transactions subject to controls (see paragraphs 27 and 28). The Commission recognised in its customs action plan (see paragraph 16) that additional actions are needed to ensure more effective customs control on e-commerce imports. Global trends in e-commerce indicate that the number of low-value import declarations will increase.
The framework sets only limited reporting, monitoring and review requirements
38. The FRC decision specifies regular intervals at which the Member States must report to the Commission on the implementation of the common financial risk criteria. We found these reporting intervals may be too long to maintain an effective and up-to-date system, given the need to constantly monitor and review the framework. Two of the Member States visited also doubted that this frequency was conducive to timely action to improve the common risk criteria.
39. Member States provide the Commission annually with information on their controls as part of the Customs Union Performance (CUP) reporting framework. The CUP reports could support the Commission’s monitoring of the Member States’ implementation of the FRC decision. However, they are not very helpful, mainly because the information on controls does not differentiate between controls for financial reasons and those for safety and security reasons. Furthermore, the indicators collected do not make it possible to assess the effectiveness of actions or profiles for specific risk areas.
40. The WCO, in its Risk Management Compendium, points out that: “making sure that risk management activities are monitored and reviewed and that results are fed back to the policy level assists in ensuring that risk management remains effective in the long term” (see Figure 6).
41. As of October 2020, the Commission (DG TAXUD) had not established a procedure for regularly monitoring the Member States’ application of the framework. DG BUDG regularly visits Member States for inspections on customs duties. However, there are currently no plans for these inspections to also cover the Member States’ implementation of the FRC decision. In addition, there are no procedures for the Commission to deal with Member States’ failures to comply with the FRC decision. See Box 3 for one particular case involving Denmark.
Low level of customs controls in Denmark not appropriately followed up by the Commission
Following an inspection in Denmark, DG BUDG found in 2010 that the level of controls was very low. It reported a finding on this issue, which it followed up until 2015 but then closed, even though Denmark had not made any significant improvements and the issue was likely to affect implementation of the FRC decision. Since then, the Commission has not formally contacted Danish customs authorities on this matter.
Moreover, in 2017, the Danish Court of Auditors (Rigsrevisionen) published a report[25] following up on the Commission’s criticism from 2010. This concluded, among other things, that the level of customs controls remained very low, that the risk management system had several shortcomings and that there were no random checks.
42. EU RIFs are online forms by which the Commission services exchange risk signals with the Member States (see paragraph 53). Even though Member States are not legally required to provide feedback on these forms, proper follow-up of EU RIFs is important to ensure consistent management of risks. Aside from the work done in the context of the JAC pilot (see Box 2) and DG BUDG’s inspections on customs duties in selected Member States, the Commission has not followed up to determine whether Member States have properly addressed risks identified in EU RIFs. The Commission did not regularly analyse the feedback provided by Member States, and did not take steps to address certain Member States’ lack of action.
43. Our analysis shows that in 2019, three Member States did not provide any feedback, whereas four Member States provided feedback for only a few EU RIFs. In almost half (43 %) of cases where Member States provided feedback, they did not indicate whether they had created or updated a risk profile to address the issue described in the EU RIF or whether they already had a risk profile addressing the issue.
44. In order to ensure effective customs risk management, appropriate review arrangements are important to improve the operation of the framework. In this regard, the WCO states that a robust framework with review criteria should be designed, and that such evaluations should cover all elements of risk management.
45. An expert group comprising delegates from all Member States’ customs authorities and from the Commission was set up to discuss issues relating to the customs risk management in the EU. According to the guidance, this group should carry out a review of major issues related to implementation of the framework whenever needed. However, the Commission has not yet developed a clear review policy for the FRC decision and guidance, with milestones and criteria.
The framework is not leading to uniform application of customs controls
Member States still have different risk management practices
The five Member States we visited considered that the risk management systems they had developed before the introduction of the FRC decision were already largely compliant with the provisions of the FRC decision. In their view, some minor adjustments would suffice to ensure full compliance with the FRC decision. The main way these Member States had adapted their risk management framework had been by mapping their existing profiles and linking them to the corresponding financial risk criteria (only one Member State had created some risk profiles for criteria not yet covered by its existing profiles). We also noted that, when mapping risk profiles to the criteria set by the FRC decision, Member States did not use all the recommended indicators. Consequently, Member States apply different criteria to select customs declarations for control.
The Member States we visited did not expect to increase their control capacity as a result of implementing the FRC decision. The risk management approach they had applied before the adoption of the FRC decision had not changed significantly; nor did they expect it to change. Box 4 contains two examples of these countries’ comments on the impact the introduction of the FRC decision and guidance had on their risk management systems.
Member States’ views on changes to their financial customs risk management systems due to the implementation of the FRC decision
One Member State we visited considered that its system was already fully compliant with the FRC decision. In its view, “neither the decision nor the guidelines contain any substantive input about the risk analysis procedure. These only provide a broad framework. The FRC decision simply conceptualises the Member State’s existing financial risk analysis methods”.
Another Member State stated that “the FRC decision is a formalised continuation of the existing activities of the customs administration in financial areas”.
In their replies to our questionnaire, which we sent before the guidance document had been endorsed, 17 out of 27 Member States (63 %) stated that implementing the FRC decision would not lead to significant changes in their risk management systems. Most of the ten Member States that mentioned they would need to make significant changes indicated that their main challenge would be updating their IT systems.
In addition, the Member States we visited only applied risk profiles to pre-release controls. For post-release controls, they did not conduct any systematic risk analysis using the risk profiles based on the FRC decision criteria (see paragraph 25).
Member States apply different approaches to reducing the number of controls to a manageable level. In the Member States we visited, impact management was widely used in risk profiles for control selection as part of the automated risk analysis system. Although they used most or all of the methods prescribed in the FRC decision, the ways they applied these methods differed substantially.
Figure 7 presents, for the Member States we visited, the impact management measures applied to risk profiles on undervaluation of a certain group of products from a specific country of origin. It shows that the same import declaration may or may not be subject to a recommendation for control, depending on the Member State. For example, an import of a given weight of the products (with a value below the threshold used in each Member State):
- would not be selected in Member State B, because it is below the weight threshold;
- may or may not be selected in Member States A and D, as the control percentage varies depending on the difference between the declared value and the threshold, and on the importer;
- would be selected in Member States C and E, because impact management does not use weight as a criterion. However, the probability of overriding is much higher in these two Member States than in the other three.
Impact management measures used in the risk profiles for undervalued products from a specific country of origin
|Member State||Certain operators excluded (or control percentage reduced)||Weight threshold||Other percentage reductions and overrides|
|A||50 kg||Control percentages based on other risk indicators.|
|B||1 000 kg||N/A|
|C||High level of overrides (over 50 %).|
|D||Higher control percentages in specific cases.|
|E||High level of overrides (overall 25 %).|
Source: ECA, based on information collected in the Member States.
The frequency of overriding, the reasons given, and the monitoring and follow-up of overrides vary significantly between the Member States we visited. The number of control recommendations overridden varied from 1.6 % to 60 %. Figure 8 describes how these Member States manage overrides. The lack of rules or conditions for overriding recommendations gives Member States complete discretion as to whether to apply the controls recommended. Member States also diverge on the procedure to justify the override: in some of them override is only possible when some pre-determined characteristics are met, while others provide justifications on a case-by-case basis (see paragraph 29).
Overrides of customs controls in the Member States visited
|Yes||No||Approval necessary, but not hierarchical|
|Member State||Required meeting pre-determined characteristics||Mandatory to enter justification in the system||Mandatory to have hierarchical approval|
Source: ECA, based on information collected in the Member States.
Member States identify and treat risk signals in different ways
The UCC implementing act26 indicates that an electronic system should be used for communication between customs authorities, and between customs authorities and the Commission, in the implementation of common risk criteria and standards27. The main IT tools used in risk management at EU level are the Customs Risk Management System (CRMS) and the Anti-Fraud Information System (AFIS). The CRMS allows the exchange of risk-related information EU-wide using online forms known as RIFs. RIFs can be sent either by a Member State or by the Commission (EU RIFs). The AFIS is the system where OLAF enters ‘mutual assistance’ communications (requests for Member States to take action in response to risks identified by OLAF investigations). These systems contain information on risks for the Member States to use in their national risk analysis systems.
The five Member States we visited indicated that they found Member States’ RIFs to be not always sufficiently clear, meaning that they did not facilitate the creation of a risk profile, and that these RIFs usually included both repeated and one-off risks. In addition, in their replies to our questionnaire, 21 Member States (78 %) considered that “a more in-depth treatment of risk information at EU level (e.g. the Commission carrying out a pre-analysis of the RIFs from Member States) would allow a more efficient and harmonised risk analysis”.
Member States interpret risk signals in mutual assistance communications or RIFs in different ways. For example, risk profiles created in response to mutual assistance communications on some undervalued products from a specific country of origin differ greatly from Member State to Member State. There is also significant variation between the risk profiles that different Member States create in response to EU RIFs prepared following data analysis in the context of the Commission’s JAC pilot project. Of the countries we visited, only one Member State introduced measures to reduce controls on imports with codes and countries of origin mentioned in EU RIFs.
The framework does not include rules to harmonise random selection (see paragraph 35). In the visited Member States, we noted different approaches, as shown in Figure 9. Random selection percentages (i.e. the proportion of declarations not selected using risk profiles, which are then randomly selected for checks) differ between Member States (these percentages range from 0.0067 % to 0.5 % in the Member States visited). The different approaches mean that, for example, an authorised economic operator is 74 times more likely to be selected for random checks in one of the visited Member States than in one of the others. In two Member States, a significant number of declarations are excluded from random selection procedure because simplified declarations (see paragraph 59) are subject to neither risk-based nor random selection.
Random selection percentage applied in 2019 in the Member States visited
|Member State||Declarations to which percentage is applied||Additional details|
|A||Different percentages depending on type of declaration|
|B||Each customs office can adjust the random selection percentage|
|C||A random selection of declarations for control is not carried out in an automated manner.||Customs offices carry out some random checks|
|D||Different percentages depending on type of check (physical or documentary)|
Source: ECA, based on information collected in the Member States.
Member States do not systematically share information on risky importers with other Member States
In paragraph 36, we pointed out that the existing platform for sharing information on risky importers with other Member States is not well adapted. We also found that the visited Member States did not systematically share information on these risky importers with the other Member States as part of their risk management.
In addition, Member States use different methods to classify importers as economic operators of interest, and the ways they use this information in their risk profiles vary. Some Member States have a list of economic operators of interest that is applied to several risk profiles to increase controls on those traders. Other Member States specify directly in each risk profile which traders should be subject to more (or fewer) controls. Member States also define and identify economic operators of interest in different ways. In some Member States the identification is made on a case-by-case basis, while others use an automated process.
Not all Member States subject all declarations (standard and simplified) to automated risk analysis
Goods are presented to customs using a standard declaration, containing all legally required details. However, some importers benefit from a system of simplified declarations, allowing them to omit certain details or documents or, sometimes, to simply enter the import in their financial records. In such cases, the importer must lodge a supplementary declaration, within a specific time limit, containing all the details required in a standard declaration. The percentage of simplified declarations in the Member States visited varied between 25 % and 95 % of the total declarations submitted.
Two of the Member States visited do not subject either simplified declarations or their related supplementary declarations to automated risk analysis, using the risk profiles based on the FRC decision. This is not in line with the requirements of the FRC decision. This means the automated risk analysis framework completely excludes a significant number of imports. The other three Member States visited apply risk profiles to supplementary declarations at least. Figure 10 illustrates how the Member States we visited apply automated risk analysis to simplified and supplementary declarations.
How the Member States visited apply automated risk analysis to simplified and supplementary declarations
|Yes||Yes, but with some limitations||No|
|Member State||Automated risk analysis|
|Applied to simplified declarations||Applied to supplementary declarations|
Source: ECA, based on the information collected in the Member States.
In one of the visited Member States, we were able to analyse the information given in import declarations for selected products under both the standard and simplified procedures. The example in Box 5 shows that not subjecting simplified declarations to automated risk analysis may reduce the customs duty amounts collected in some Member States.
The risk of undervaluation for simplified declarations
In one Member State we visited, standard and simplified customs declarations are lodged in two separate IT systems. We analysed imports of four types of goods produced in a certain country recorded in these two systems in the period July‑August 2019 and found that, for two of these goods, the declared value per kilogram of imported goods was systematically lower for simplified declarations than for standard declarations. For simplified declarations, the prices of imported goods formed clusters (see illustration below) below the estimated “fair” prices (i.e. the prices below which there is a risk of undervaluation and declarations should be selected for control).
The following graphs show the striking difference in the distribution of the declared value/kg for one product category depending on the type of declaration. If the methodology for identifying the risk of undervaluation were applied in this case, about two thirds of the simplified declarations would have to be selected for control. However, as the Member State does not subject simplified declarations to automated risk analysis, its system did not flag them for control.
Conclusions and recommendations
The audit assessed whether the risk management framework (based on the FRC decision and complementary guidance) developed by the Commission, in cooperation with Member States, ensures uniform application of customs controls to safeguard the EU’s financial interests. Implementation of the FRC decision and guidance is an important step towards uniform application of customs controls. However, we conclude that the framework does not ensure sufficient harmonisation of control selection to safeguard the EU’s financial interests. This is mainly due to weaknesses in its design, which allow Member States to differ significantly in the way they implement it. This could allow non-compliant operators to target EU points of entry with lower levels of controls.
Imports posing a higher level of risk to the EU’s financial interests may not be properly prioritised (see paragraph 21). The FRC decision is not sufficiently detailed, does not include all requirements from the UCC and gives Member States too much discretion in applying it, including on ways to reduce the number of controls. The guidance is not legally binding, and lacks clear and precise instructions on specific points (see paragraphs 22-29 and 35). There are no EU-wide platforms or databases to share information systematically on all risky importers (see paragraph 36). The framework lacks appropriate tools to tackle risks in e-commerce (see paragraph 37). The existing monitoring and review arrangements are not adequate (see paragraphs 38-45). EU risk signals do not always have clear instructions for Member States to use when preparing risk profiles (see paragraphs 53-56). In some Member States, a significant number of EU imports are not subject to an automated risk analysis (see paragraphs 59-61).
Recommendation 1 – Enhance the uniform application of customs controls
The Commission should enhance the uniform application of customs controls by taking the measures listed below, which require the support and, where necessary, the approval of the Member States:
- strengthening the rules for Member States, such as: adding instructions and details to the framework, including on procedures and criteria for Member States to apply when reducing the number of controls (including overriding control selections), on how to apply the framework to post-release controls and on how to apply random selection; and transferring some of the rules currently in the guidance to the FRC decision;
- introducing provisions in the FRC decision and rules in the guidance to ensure that the risks related to e-commerce imports are properly taken into consideration;
- improving the quality of risk signals, in particular: requiring more clarity and detail in the RIFs prepared by Member States; ensuring that there are detailed instructions on how to use EU RIFs and mutual assistance communications; and following up to check on Member States’ implementation of RIFs, including requiring compulsory feedback from Member States;
- assessing the extent to which Member States’ risk profiles cover different types of declarations (standard and simplified) and ensuring that existing gaps are covered appropriately;
- developing, implementing and maintaining EU-wide risk databases for Member States to use, such as lists of economic operators of interest;
- setting out sound arrangements for monitoring and reviewing the Member States’ application of the framework.
There is no appropriate EU-wide analysis of financial risks in customs, based on data from all EU imports (see paragraphs 30-34). The current framework sets general criteria and indicators for Member States to apply in their risk analysis, leaving it up to them to create detailed risk profiles to select imports for controls. The framework does not provide an integrated approach to manage financial risks at EU level. It has not yet changed Member States’ processes sufficiently to properly safeguard the EU’s financial interests (see paragraphs 46-52).
Recommendation 2 – Develop and implement a fully-fledged analysis and coordination capacity at EU level
The Commission should create a central function at EU level to better guide overall customs control efforts. This should bring together Commission and Member State expertise in order to analyse the main financial risks in customs and determine the best ways to address them.
The Commission should analyse how to do this in an effective and sustainable way. Potential scenarios could include: giving greater responsibilities to existing customs working groups; creating a specific service within a DG (or an inter-departmental service from DG TAXUD, DG BUDG and OLAF); or developing a dedicated EU agency.
The role of the central function should include:
- defining, for example in terms of materiality, the risks that should be subject to an integrated approach (EU-relevant risks) and, in cooperation with Member States, ensuring that such risks are addressed appropriately;
- developing and implementing effective data mining capabilities to carry out data analysis at EU level and identify EU-relevant risks;
- exploring ways to develop IT risk management tools compatible with Member States’ import and risk management systems, to allow direct and automatic application of control recommendations for EU-relevant risks.
This Report was adopted by Chamber V, headed by Mr Tony Murphy, Member of the Court of Auditors, in Luxembourg on 23 February 2021.
For the Court of Auditors
Acronyms and abbreviations
AFIS: Anti-Fraud Information System
CCC: Community Customs Code
COMEXT: Eurostat’s External Trade Statistical Database
CRMS: Customs Risk Management System
CUP: Customs Union Performance
DG BUDG: Directorate-General for Budget
DG TAXUD: Directorate-General for Taxation and Customs Union
ECA: European Court of Auditors
EU: European Union
FRC decision: Financial Risks Criteria and Standards Implementing Decision
GNI: Gross National Income
ISO: International Organisation for Standardization
IT: Information and Technology
JAC: Joint Analysis Capacity
OLAF: European Anti-Fraud Office
RIF: Risk Information Form
TFEU: Treaty on the Functioning of the European Union
TOR: Traditional Own Resources
UCC: Union Customs Code
VAT: Value Added Tax
WCO: World Customs Organisation
Authorised economic operator: A person or company deemed reliable, and therefore entitled to enjoy benefits in the context of customs operations.
Customs controls: Procedure to check compliance with EU customs rules and other relevant legislation.
Customs declaration: An official document that gives details of goods being presented for import, export or another customs procedure.
Customs gap: The difference between the import duty that would be expected for the economy as a whole and the amount actually collected.
Customs union: The result of an agreement among a group of countries to trade freely with one another while charging a common tariff on imports from other countries.
Risk management: Systematically identifying risks and taking action to mitigate or eliminate them, or to reduce their impact.
Risk profile: A combination of risk criteria that help identify higher-risk customs declarations to be considered for customs controls.
Risk signal: Information on a potential risk which may be used to create risk profiles.
The ECA’s special reports set out the results of its audits of EU policies and programmes, or of management-related topics from specific budgetary areas. The ECA selects and designs these audit tasks to be of maximum impact by considering the risks to performance or compliance, the level of income or spending involved, forthcoming developments and political and public interest.
This performance audit was carried out by Audit Chamber V Financing and administering the Union, headed by ECA Member Tony Murphy. The audit was led by ECA Member Jan Gregor, supported by Werner Vlasselaer, Head of Private Office and Bernard Moya, Private Office Attaché; Alberto Gasperoni, Principal Manager; José Parente, Head of Task; Diana Voinea, and Csaba Hatvani, Auditors. Michael Pyper provided linguistic support.
1 Article 3 of the consolidated version of the Treaty on the Functioning of the European Union (TFEU) (OJ C 202, 7.6.2016, p. 47).
2 Article 291 of the TFEU.
4 See special report 19/2017 “Import procedures: shortcomings in the legal framework and an ineffective implementation impact the financial interests of the EU”, paragraphs 29-32.
5 Regulation (EU) No 952/2013 of the European Parliament and of the Council of 9 October 2013 laying down the Union Customs Code (recast) (OJ L 269, 10.10.2013, p. 1) (UCC Regulation).
6 Article 5(7).
8 Council Regulation (EEC) No 2913/92 of 12 October 1992 establishing the Community Customs Code (OJ L 302, 19.10.1992, pp. 1-50).
9 See 2014 and 2015 annual reports, paragraph 4.20 and paragraph 4.15 respectively.
10 See special report 23/2016 on “Maritime transport in the EU: in troubled waters — much ineffective and unsustainable investment”, paragraph 113.
11 See special report 19/2017 “Import procedures: shortcomings in the legal framework and an ineffective implementation impact the financial interests of the EU”, paragraph 148.
12 See the study by the European Parliament: European Parliament, Directorate-General for Internal Policies, “From Shadow to Formal Economy: Levelling the Playing field in the Single Market”, 2013.
13 See special report 19/2017 “Import procedures: shortcomings in the legal framework and an ineffective implementation impact the financial interests of the EU”.
14 Commission Implementing Decision of 31 May 2018 laying down measures for the uniform application of customs controls by establishing common financial risk criteria and standards pursuant to Regulation (EU) No 952/2013 laying down the Union Customs Code for goods declared for release for free circulation.
15 See “Report from the Commission to the Council and the European Parliament – Second Progress Report on the implementation of the EU Strategy and Action Plan for customs risk management” from 20 July 2018.
17 Communication from the Commission to the European Parliament, the Council and the European Economic and Social Committee – Taking the Customs Union to the Next Level: a Plan for Action, COM(2020) 581 final from 28.9.2020.
19 Article 46(7).
20 Annex 4 to volume 1 of the WCO customs risks management compendium.
21 ISO 31000:2018 Risk management – Principles and guidelines, p. 3.
22 See 2017 annual report, paragraph 4.23, recommendation 1.
23 See WCO’s Risk Management Compendium and Article 5(25) of the UCC.
24 We recently published a report on the challenges of e-commerce: special report 12/2019 “E-commerce: many of the challenges of collecting VAT and customs duties remain to be solved”.
25 Report 7/2017 from December 2017: Rigsrevisionens beretning om SKATs kontrol og vejledning på toldområdet (the National Audit Office's report on SKAT's control and guidance in the customs area).
26 Commission Implementing Regulation (EU) 2015/2447 of 24 November 2015 laying down detailed rules for implementing certain provisions of Regulation (EU) No 952/2013 of the European Parliament and of the Council laying down the Union Customs Code (OJ L 343, 29.12.2015, pp. 558–893).
27 Idem, Article 36.
|Adoption of Audit Planning Memorandum (APM) / Start of audit||24.9.2019|
|Official sending of draft report to Commission (or other auditee)|
|Adoption of the final report after the adversarial procedure||23.2.2021|
|Commission’s (or other auditee’s) official replies received in all languages||15.3.2021|
EUROPEAN COURT OF AUDITORS
12, rue Alcide De Gasperi
Luxembourg: Publications Office of the European Union, 2021
|ISBN 978-92-847-5781-7||ISSN 1977-5679||doi:10.2865/839224||QJ-AB-21-005-EN-N|
|HTML||ISBN 978-92-847-5753-4||ISSN 1977-5679||doi:10.2865/100200||QJ-AB-21-005-EN-Q|
© European Union, 2021.
The reuse policy of the European Court of Auditors (ECA) is implemented by the Decision of the European Court of Auditors
Unless otherwise indicated (e.g. in individual copyright notices), the ECA’s content owned by the EU is licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence. This means that reuse is allowed, provided appropriate credit is given and changes are indicated. The reuser must not distort the original meaning or message of the documents. The ECA shall not be liable for any consequences of reuse.