Every year, the WCO IT Conference and Exhibition brings together Customs, trade, transport and technology provider representatives to discuss matters relating to the various technologies used to manage flows of goods, people and means of conveyance across borders. Besides enabling participants to take a step back and look at things differently, it allows them to test and visualize how solutions and equipment work by visiting suppliers’ exhibition booths. The latest such event took place in October 2022 in Maastricht, the Netherlands, and below are just some of the ideas and initiatives showcased by speakers and exhibitors.

Open Architecture allows hardware, software and algorithms from different suppliers to be easily “plugged together” into one solution. In a world of screening technology for Customs authorities, talk of collaboration and data sharing to accelerate the development of OA-based solutions now translates into concrete IT solutions, with provider marketing platforms integrating other parties’ applications and machine learning models.

Although discussions had been unproductive for a while due to concerns related to data security, intellectual property and the loss of commercial differentiation or advantage in a competitive market, advances in OA technology and new commercial models have enabled the industry to overcome these barriers. Federated learning (where multiple people remotely share their data to collaboratively train a single deep learning model), data trusts (where a steward manages someone’s data on their behalf), and decentralized autonomous organizations (where a community, rather than a central authority, leads an entity) are some of the working models used by the industry to collaborate.

One of the results of such collaboration is the “unified file format” (UFF), which is the international standard for scanned images and associated metadata produced by NII equipment, and which has been developed by NII suppliers in cooperation with the WCO.

The next step should be to level the playing field with respect to performance. As one speaker asked: “Rather than mandate the IQI or penetration performances on an NII system, why not standardize those along with the testing regime in which they are met?” Similarly: “Instead of prescribing image quality and penetration of X-ray, why not guide States to use existing performance standards when procuring?”

While there is a broad appetite for OA and for exploiting its power, there is also recognition of the need to ensure that all applications perform well over time and that one party’s algorithm does not become invalidated if another party makes a change to the system and, vice versa, that a minor bug fixed in one party’s algorithm does not invalidate another party’s system.

Such a model requires one entity (the “integrator”) to act as a single point of responsibility and to assume that liability, guaranteeing that any applications hosted on the platform will operate in terms of performance and of compliance over the complete lifetime of the system.

Artificial Intelligence (AI) and machine learning dominated the discussions.

The various types of AI were introduced, from reactive robots to self-aware entities:

• Reactive AI systems, which have the ability neither to form memories nor to use past experiences to inform current decisions.
• Limited memory systems, which are able to use information about the past to improve their responses.
• “Theory of mind” AI systems, which not only form representations about the world, but also about other entities. Called “theory of mind” in psychology, this capacity to understand other people by ascribing mental states to them allows humans to have social interactions. This type of AI understands reasoning, motive and intent, and adjusts its behaviour accordingly.
• Self-awareness: systems that can form representations about themselves, know about their internal states, and that are able to predict the feelings of others.

It is still hard to gain a comprehensive perspective on the potential impact of AI in the future. AI “mainstream” systems which are in use today correspond to reactive and limited memory AI. They can enable Customs to make sense of images and data produced by NII systems, to cross-validate data flows, to analyse extensive sources of data to detect fraud, to search for all types of risk and to find anomalies. Ideally, in the future, machines will determine when to intervene, and decisions will be transparent and fair. There will be no disruption of legitimate and legal trade, and all transactions will be thoughtfully checked.

NII systems providers explained that, while the quality and resolution of primary sensors were still vital elements of NII systems and areas which they continued to research and develop, the quality of the associated analytics was where they saw technology advancing the quickest. Accuracy and probability of detection by a human operator was still a function of the level of detail of the image itself, but algorithms were growing in sophistication, enabling machines to classify products, assess quantities, identify the presence of human beings, identify anomalies or objects of interest, and count the number of people in a car, etc.

One Customs administration, having completed a number of proof of concept activities to test algorithms applied to NII systems for the detection of hand guns and other weapons at the border, explained that, while these trials had shown promise, further work was required to achieve full automation for the detection of a broad range of border threats. According to the Australia Science and Technology Agency, development of such algorithms would still require significant efforts over 7 to 10 years.

Many speakers agreed that one game changer would be to establish collaboration between Customs agencies, and especially, to ensure enough images and associated data were available to train the image recognition model. Collaboration on such projects meant agreeing on the threats to be addressed and the objective of the model. One question, for example, was whether you wanted to identify shapes or materials, or detect concealment methods.

One administration introduced the results of a research project to use machine learning to automate X-ray image analysis when screening postal flows. The model involved recognizing “paper products” (documents, letters, books, notes, etc.) in thin packages like envelopes. The main lessons learned were that it was necessary to set clear targets based on field operations analysis, that a lot of data was required to train a model, and that it took time (it took five years to finalize the project).

Another administration highlighted the limitations of doing things alone, and the need to standardize practices such as those related to image labelling or to the deployment and testing of algorithms to facilitate collaboration.

AI and machine learning can enable Customs to identify cases of undervaluation, misclassification, misdescription and misdeclared country of origin. Experts shared analysis methodologies with participants, such as using exporter data where possible, as it generally exhibited less bias with respect to valuation; analysing Container Status Messages to identify irregular movements in the supply chain, such as uneconomic shipping routes, deviations, and long dwell times in ports with weak security; and looking for differences in documents or references to sanctioned operators or vessels.

Deployment of the technology requires more than the algorithms themselves – it also requires collaboration between technology providers and Customs. A lot of time needs to be spent discussing key infrastructure elements. For example, as AI requires access to large datasets, data storage and computer processing capabilities should be carefully planned.

Understanding what AI is and establishing governance rules is also critical, especially to minimize the impact of regulations on AI which more countries are developing. A governance framework would address issues such as how often policies and guidelines need to be reviewed and possibly replaced. It would also provide for an inventory of all AI models, identify risks with AI systems, and describe testing, evaluation and monitoring mechanisms.

Finally, best practices need to be followed when it comes to design and deployment. For example, performant machine learning models require curated datasets, with data scientists reported to be spending 60% of their time selecting and bringing together relevant data into structured, searchable data assets that are ready for analysis. Containerization, a means to deploy applications as modular software components, was also among the best practices mentioned to ensure good outcomes.

Two technologies enabling material identification were showcased at the Conference:

• X-ray diffraction (XRD), a method used for studying the structure, composition and physical properties of materials by analysing their crystal structures. It utilizes interference of X-ray waves diffracted on crystal planes to determine distances of the atoms.
• Atmospheric Ray Tomography (ART) applying only natural atmospheric radiation enables the identification of the chemical composition of scanned objects through any shielding.

The idea was also expressed that, in the future, everything would be shared with the right parties, for the right reasons, at the right time. Whilst the technology enabled such cooperation, the legal framework in many countries still strictly limited automated exchange of information, especially at the international level.

A Customs administration provided an example of a government-to-government digital connectivity programme to exchange Preferential Certificates of Origin (PCOs) and Certificates of Non-Manipulation (CNMs).

A technology provider shared some of the insights gained from an international data sharing programme which tested the feasibility of creating a transparent supply chain for the trade of pineapples from Guatemala to the United States (US). The goal was to provide US Customs and Border Protection with everything they might want to know about a shipment of pineapples from Guatemala. The administration welcomed the idea, which would enable it to add a whole layer of security to the transaction and many additional data elements that it could mine two days before arrival.

Two shipping ports were selected:

• One on the east coast of Guatemala, which was being used to send a large amount of agriculture products to the US, had a well-defined security perimeter, had invested in scanning technology and data analysis training for all of its local users, and scanned everything at export to the US and to Europe as well.
• One in the US, where the majority of those agriculture products were unloaded and which welcomed the possibility of gaining an advantage over its competitors through the quicker release of such goods.

The proof of concept was completed in 2022. Data was collected along the entire import process: manifest, X-ray scan data, radiation profiles, and CCTV footage, and the company even captured electronically all the human interactions related to the shipment. The project brought together pineapple farmers, agricultural trade partners, Customs, shipping ports and the IT solution provider. At the time of the Conference, all were finalizing legal agreements for the project to go live by early 2023.

Some of the insights from the project are as follows:

• By their very nature, data sharing programmes have a lot of stakeholders and the project lead has to understand each of the stakeholders and adapt its IT platform to meet everybody’s needs. Each stakeholder not only has its own established bureaucracy, but also several teams, each with its own mission within the same organization (IT, operations, legal and cyber teams in particular).
• On-boarding IT teams is especially time-consuming but you should not fight them. Instead, build trust so that they let you try things.
• The technical challenge is getting the software approved by Customs administrations.

The bad news is that everything will be a target for hackers, and everyone will be hacked sooner or later. Ways to address cybersecurity risks efficiently were examined, including:

• Defining a clear security architecture for the IT solution.
• Implementing DevSecOps (Development, Security, and Operations), an approach which involves introducing security earlier in the software development life cycle and expands the collaboration between development and operations teams to integrate security teams in the software delivery cycle.
• Developing a contingency plan to respond quickly to incidents.

A Customs administration reported having made huge savings after moving its data lake from premises (USD 12.3 million a year) to the cloud (USD 2.67 million a year). The infrastructure was not only cheaper, but also scalable and extendable, the time to market was shorter, and the security level was high. Another administration highlighted benefits in terms of safe and efficient data storage integration, potential integration across Customs agencies and partners, and the safe development and testing of new technologies without compromising the operational network.

But using the cloud has its challenges:

• Customs data must be protected.
• Data must be structured if it is to be shared.
• Individuals with specific skills and expertise may need to be hired, especially data scientists who can understand service providers and formulate the administration’s needs.
• Compliance with existing cloud-related regulations and standards must be ensured.
• Existing government policies may not consider the use of the cloud.

One administration explained in great detail its drone programme, which it launched in 2017. After extensive research, a pilot was run in 2020 in the Port of Rotterdam, with the objective of testing the use of drones to detect intruders and incidents while increasing the security of staff and reducing the time needed by intervention teams to do their job (every time Customs entered a container terminal, the cranes had to stop). Following the pilot, a team in charge of flying seven drones was established in the Port in 2022. New teams are to be created across the territory and the number of drones should increase to 25 in 2023.

There is a whole organizational system needed on the legal side and the technical side when carrying out such a project. This includes:

• Examining relevant regulations.
• Determining the type of operations to be conducted.
• Selecting the aircraft.
• Selecting and training the crew, as drone operators may be required to obtain a pilot licence and need radiotelephone training.

The administration is continuing to develop the programme and is considering the use of drones which can fly autonomously in certain demarcated areas; it also intends to introduce fixed wing drones.

A Customs administration from a small island economy explained that it was challenging to acquire technology when financial resources were scarce. If it received donor funding for big projects such as its Customs automated clearance system, it also chose to develop in-house solutions utilizing secure open source applications. One of the tools developed by its IT team tracked revenue collection in real time, enabling it to compare collection performance over time, and making reporting easy. The tool was a game changer in a country where policy makers needed to know the size of the budget available to them at all times in order to be able to respond quickly to disruptions.

The administration also participated in developing the Advance Cargo Information System (ACIS), a project led by the Caribbean Community (CARICOM), an intergovernmental organization with 15 member states located throughout the Caribbean. ACIS allows for the collection of manifest data through the Electronic Manifest Management application. Data is then analysed by the Regional Intelligence Fusion Centre, and national risk analysis reports are sent to each country for action. Data related to a country is not shared with others, unless there is a formal request to do so.

Discussions around Single Windows focused on interoperability and interconnection, as well as best practices related to development and deployment. One country highlighted the need for all agencies involved to get a common sense of ownership of the project and to consider things from a user perspective when developing functionalities.

Two regional projects were examined:

• The East Africa Community Single Customs Territory (EACSCT), which connects each revenue authority’s IT systems and port authorities to inform them of cargo movements across borders, and allows for the sharing of information (such as scanning results).
• The ASEAN Single Window, which connects national Single Windows and allows for the exchange of certificates of origin and the ASEAN Customs Declaration Document, and will soon cover the phytosanitary certificate from the exporting country to the importing country.

Participants also learned about the Singapore Trade Finance Registry, an initiative by the Association of Banks in Singapore (ABS) to validate the compliance of a credit request linked to a trade transaction and prevent trade finance manipulations by drawing data from various sources, including Customs declarations.

Trade operators using the services of specialists to declare goods provide data in paper or in separate electronic documents. The Conference showcased software using AI and Optical Character Recognition (OCR) technology to extract the data required in the Customs declaration from scanned or electronic documents. Such tools are not only used by brokers, but also by Customs.

A Customs administration explained how it decided to support exporters by enabling them to send invoices, bills of lading and transport documents to clear their goods. Customs officers would then use the data to issue a Customs declaration and a certificate of origin. They spent on average 20 minutes to issue a declaration (30,000 hours per year) and 10 minutes to issue a certificate of origin (3,000 hours per year). Four officers working full time were dedicated to assessing tax liabilities for transactions selected for a documentary check (yellow channel). To reduce the burden placed on the administration, it was decided to automate the work.

Robotic process automation (RPA), AI and OCR software were used to:

• identify the type of document being submitted
• extract the data from the documents and translate it into Georgian
• validate data input
• issue a Customs declaration for export
• issue certificates of origin
• assess tax liabilities.

It now took 3 minutes to issue a Customs declaration (27,000 working hours saved per year) and 1.5 minutes to issue a certificate of origin (2,500 working hours saved per year). The number of Customs declarations for export had grown by 27%. Documentary checks had been fully automated.

Some of the challenges identified during the implementation stage were related to ensuring compatibility between RPA and OCR software with existing systems; ensuring scalability; and converting “analog data” (in other words, paper documents) into digital data, as 70% of the documents submitted by operators in this country were on paper.

The 2023 WCO technology event will be held from 10 to 12 October 2023 in Hanoi, Vietnam. Keep checking the Events Section of the WCO website for further details, or contact the WCO Events Team.

More information
www.wcoomd.org
Events@wcoomd.org