Skip to main content
2016 OAS Guidelines

3.III.3.3. Rail transporters

In general, the audit of a rail carrier does not differ significantly from that of other carriers. Rail operators may even be considered to present a lower risk due to the nature of the transport mode. In any case, the planning of audit activities and risk assessment will be the subject of reflection on some distinct aspects of the business operations of rail transport operators:

  • Railway operators are subject to the provisions of international agreements and conventions (COTIF, CIM). These agreements may impose requirements relating to seals and cargo integrity. They can also address responsibilities during transportation.
  • Rail traffic is subject to the regulations and certifications regarding railway safety relating to the protection of both passengers and cargo. These regulations and certifications may include requirements relating to security management systems, personnel protection, and internal control systems.
  • Rail transport operators operate in a regulatory fragmented environment. Railway operations may be regulated and supervised by several national authorities .
  • The operational environment contains several elements that are often subject to the control of third parties responsible for infrastructure elements, such as tracks, marshalling yards, and container terminals, or third parties responsible for the cargo unit.
  • The applicant may have a complicated organizational structure, numerous facilities, and a wide range of operations. Operations can also be divided into passenger operations and cargo operations.
  • Rail transporters can work with a multitude of business partners, usually well known. These may include, for example, road transport operators, warehouse operators, port operators, and station security service providers. Loading and unloading of cargo units or containers onto railcars may be the responsibility of the carrier. However, such loading and unloading operations are usually the customer's responsibility. Rail transporters do not normally load or unload such units themselves or through third parties. Only if rail transporters themselves offer parcel services and other additional logistics services can they assume operational responsibility for freight handling.
  • During transport, several people may be responsible for document management or the control of cargo units and wagons. Rail transport companies are only responsible for managing freight at cargo transfer points, logistics centers, and warehouses when they offer parcel delivery and other additional logistics services on their own behalf.

Issues of interest during the risk assessment and audit of a rail carrier applying for AEO status:

  • To better understand the business environment, customs authorities should ask the applicant to provide a brief overview of the regulations, agreements, and conventions to which they are subject before the audit.
  • When preparing for the audit, auditors should have the opportunity to establish a comprehensive and unambiguous view of the centers and facilities involved in customs operations and determine whether or not the applicant exercises control over them. These centers are the premises where documents related to customs activities, cargo units, and merchandise are managed.
  • Preventing unauthorized access to goods and cargo units requires the use of appropriate security surveillance methods, particularly at open-access railway stations, during transport, loading and unloading operations, and at stops.
  • Cargo units must be tracked, security procedures related to border crossings (surveillance cameras, scanning) and detentions, cargo weighing, and seven-point inspections (especially after a prolonged storage period).
  • Sealing procedures must be established, including instructions to be followed in the event of a security breach.
  • Business partners must be identified, and security requirements must be incorporated into contracts, even for potential partners. Due to the outsourcing of core activities (loading, unloading, security monitoring), the applicant must manage risks associated with business partners by incorporating certain requirements into contracts and monitoring their compliance. Likewise, routines applicable in the event of security breaches being detected play an important role in strengthening supply chain security.
  • Security awareness training must be delivered appropriately.
  • Routines relating to communication and management of security breaches are a fundamental requirement.