Focus on Asset Protection
Worldwide Product Protection
By Jeffrey A. Williams, CPP
While most corporate security directors can effectively secure product at their own manufacturing facility or warehouse, they exercise far less control at overseas or contract sites and as product travels from the plant to stores. To develop an effective security program for product both in production and in transit, the security professional must understand the threat, the fundamental techniques used by thieves, the inherent weaknesses of certain manufacturing or shipping strategies, and the tools and solutions that can mitigate the risk.
As more companies manufacture, distribute, and sell products globally, it has become increasingly difficult to protect inventory at the plant and in transit. Sophisticated thieves hiding behind international boundaries have created a staggering level of risk that was hardly imaginable only a few years ago.
In today’s business world, for example, manufacturing processes are completely or partially outsourced to companies throughout the world, many of which may not have adequate controls in place. Likewise, manufacturers must rely on several different shipping contractors when transporting product across international borders, leaving these assets vulnerable to pilferage along the transit route and making it more difficult to determine where a crime occurred. To combat these threats, security teams must implement strict security measures in the plant and on the road.
IN THE PLANT
Every plant should, of course, have basic physical security and access controls. But security managers also need to focus special policies and procedures on the most common threats to manufacturing profitability: theft, product diversion, and counterfeiting.
Theft. Theft of assets from manufacturing facilities is often the result of an insider working with vendors or other employees. For example, crooked employees at a Taiwanese microchip producer were recently bribed to collect microprocessors that had been rejected during testing and divert them to outside criminals. The chips were then falsely marked as certified and sold to unsuspecting PC vendors and individuals. Not only did the rejected chips cut into sales of legitimate product, but the flawed chips also tarnished the manufacturer’s reputation as consumers discovered that their components were defective.
The problems didn’t stop there. Other employees were smuggling functional computer chips out of the plant and selling them to distributors, further adding to the company’s losses. Because it lacked inventory controls and conducted no audits of the manufacturing process, the manufacturer was unaware of the extent of the thefts of defective and legitimate chips until management was tipped off by an employee who had learned about the activity.
Solutions. Inventory controls should be implemented at the company so that product is audited throughout the production and shipping cycle. Internal auditors should be dispatched to production areas to inventory all products and materials as they are either prepared to be shipped out or as they are logged in as a delivery. Auditors should also record the movement of product within the facility, such as when product is moved from a holding to a storage area.
Security officers should be trained to recognize the difference between good products and rejects, and they should conduct spot checks of product and material that is being shipped out or delivered to the facility. During these surprise inspections, officers should randomly compare the inventory in some crates against inventory invoices.
Garbage bins, which are often used to hide product that will later be stolen, should also be inspected periodically. To ensure that officers are doing their jobs, security supervisors should conduct periodic tests of security procedures. For example, the security manager can set up a test crate (addressed to a phony customer) that has product missing to determine whether officers would detect the loss. (The crate would be intercepted by the security supervisor before it left the facility.)
Materials used in the production of high-value items should not be kept in conventional storage rooms or on the plant floor but rather in secure storage lockers with tight access controls. When materials are needed, production managers should be required to sign for a specific quantity of the material, which should then be released to them with a security officer witnessing the process.
These measures helped a U.S. multinational manufacturer of computers when it realized that it was losing computer RAM chips at one of its German assembly facilities. Under new security procedures, chips are kept in a secure storage locker to which only senior security personnel have access. When additional chips are needed for assembly, a production manager must sign for a precisely inventoried quantity and must document that each chip is used in production. The strict inventory controls have reduced chip theft to nearly zero.
When using a contract security firm, the manufacturer should request that the security force personnel be rotated at least once every 12 months. This breaks down any relationships that might develop between company employees and security officers that could lead to corruption. When officers are either being rotated out of the facility or leaving their jobs, a senior manager outside the security department should conduct an “exit interview” under which the officers should be asked about their impressions of the security operation, including potential weaknesses, strengths, and suggested improvements. Many employees feel more comfortable talking about these issues when they are leaving a company.
Even if a company outsources the manufacturing process to an overseas facility, it should require that plants implement the security measures mentioned. To ensure enforcement, the manufacturing facility should be required either to undergo surprise audits or to allow the company to assign one of its security managers to watch over the plant. In the latter case, the security manager should be rotated in and out every six to 12 months.
The layout of the facility can play a role in reducing employee theft. For example, the manufacturing area should not be near the employee changing rooms, where stolen product can be hidden. If changing rooms are located far from the manufacturing area, employees will be forced to carry stolen items a longer distance, thus increasing the chances of their getting caught.
It’s also important to have separate shipping and receiving areas as the commingling of incoming materials and outgoing product creates confusion and opportunity for theft. Security should limit the access privileges of contractors, such as delivery personnel and janitors to storage and work areas.
Technology can be used to audit material flow. Many companies, for example, use software to analyze reject rates and patterns to determine whether manufacturing problems are present. This information, used primarily for quality control and productivity evaluation purposes, is typically not shared with security personnel and investigators. If the security manager can review this data, however, he or she might be able to discover a pattern of theft.
Diversion. One of the biggest problems for companies selling internationally is product diversion: the intentional or accidental redirection of product to unintended destinations where the product is then sold without the manufacturer’s authorization. This is typically a ploy to avoid regional import restrictions or taxes that increase the price of legitimate merchandise. It may also be a way to buy goods cheaply, because manufacturers sometimes discount goods to break into a new market.
Jeans, sunglasses, athletic apparel, and cigarettes are among the products most commonly diverted to Europe, while upscale designer clothing, cosmetics, fragrances, and electronics are commonly diverted to Asia. Because these diverted products are typically sold for less than market price, they undermine the sale of legitimate product.
According to FBI estimates, about 80 percent of all stolen or diverted merchandise re-enters legitimate retail channels. In many cases, diverted and legitimate goods are sold side by side on store shelves, and retailers are often unaware of the situation.
Diversion can take many forms. One involves the diversion of production overruns. This scheme is common in China and Thailand, where controls are lacking. At a contract apparel manufacturer in Hong Kong, for example, the plant superintendent was operating an unauthorized second shift unbeknownst to the firm that had contracted with this production facility to assemble a specific quantity of pants per day. After the first shift went home, another set of workers secretly entered the plant. They produced about 10,000 extra units each month. This was all legitimate product in the sense that the clothing had all the physical characteristics of the real thing, but they were sold through illicit channels. This practice eroded the company’s market share and profitability.
Another type of diversion involves misdirection of product marked for destruction. For example, the Taiwanese semiconductor producer mentioned earlier was also victimized by diversion. In this case, the company had hired an outside firm to collect scrap chips directly within the factory and then haul the material off to another location for destruction. The problem was that the chips weren’t actually destroyed. They were, instead, sold.
Solutions: The problem at the semiconductor plant might have been prevented had the manufacturer destroyed defective chips on site under closely monitored conditions. Even when hiring an outside firm to destroy old product, the manufacturer should insist that the process be conducted on-site before the material is carted away. This is especially important when the items slated for destruction are still in a usable state. For example, some companies will stop manufacturing a certain electronic component when a new technology is developed. The old components may contain technology that is being phased out, but they are still in working order and could be used by counterfeiters or product diverters to hurt the manufacturer’s market share.
When products are slated for destruction, internal auditors should inventory all items that are being demolished and watch as they move through the destruction process. A second auditor, usually a supervisor, should then inspect the product before having it hauled away to ensure that it has, in fact, been thoroughly destroyed.
As with theft, the best protection against diversion is a series of checks and audits throughout the manufacturing and distribution process. Before contracting with a company to either destroy product rejects or to manufacture clothing, the security manager should conduct a thorough due diligence investigation that covers not only the business history of the contract firm but also its owners and officers. The background check should include a financial analysis of the company and its principals. The security manager should do civil, criminal, bankruptcy, and reference checks.
Background checks are not always easy in foreign countries. The security manager should start with the country’s department of trade or industry or the national securities and exchange commission. In Asia, there are also investigative firms that have files of companies in the region that include detailed information about past criminal behavior.
To prevent intentional overruns, the parent company should assign a representative to the contract firm to monitor and document all production runs. The security manager should rotate this position on a regular basis to ensure that this individual is not being bribed to turn a blind eye. Another option is to hire an intellectual property investigations company to run undercover operations in the contract facility to determine whether product is being overproduced. Investigators can drop by the manufacturing facility at night, on weekends, and during holidays to ensure that machines are not operating.
In addition, the parent company can work closely with a country’s customs agency to determine whether the company’s overseas shipments are above what they are supposed to be.
Counterfeiting. The development of counterfeit products that are hard to distinguish from the real thing is a growing problem that hurts manufacturers of a wide range of products, including clothing, handbags, jewelry, watches, sports gear, soap, software, CDs, cosmetics, beverages, and pharmaceuticals. In some cases, as with drugs and auto parts, counterfeit merchandise can be dangerous. Strict laws in North America and Europe have heavily discouraged counterfeiters, but Central and South America, Asia, Russia, and India maintain a robust knock-off industry.
A common scheme involves sophisticated counterfeiters who reverse-engineer a product to replicate the manufacturing process so that they can create a copy that’s hardly discernible from the original. Making matters worse, legitimate printers and container manufacturers who are under contract from major manufacturers have been known to deliberately produce packaging overruns, which are sold to counterfeiters to fill with bogus product.
In 1998, for example, a company in Pakistan began purchasing scrap plastic bottles from a major soap manufacturer. The containers were supposed to be recycled but instead found their way into the marketplace filled with counterfeit soap. Similar frauds have involved authentic candy containers, software boxes, and other packaging.
Solutions. Security has several options. First, due diligence must be conducted on firms hired to make product containers and packages. Before scrap packaging is hauled away for recycling, each package should be inventoried and damaged to prevent reuse. In the case of the soap manufacturer, the bottles should have been crushed and punctured.
Hard-to-duplicate holograms can be placed on packaging to help deter counterfeiting. Holograms come in many forms, but they are primarily stickers that attach to a product. Retailers are then asked to check all product for holograms before putting it on the shelf.
It is difficult for a counterfeiter to duplicate holograms because of the high degree of proprietary information used in their manufacture. However, holograms can be stolen by employees and sold to pirates for use on counterfeit products. Therefore, the manufacturer should specify that only a certain number of holograms be made; they should then be inventoried and stored in a secure location.
Another technique used by some manufacturers is to imbed a small marker on the inside or underside of the product. In some cases, the marks are visible only under UV light or with a laser. These methods work well, but manufacturers should change the location and design of the marks occasionally to keep counterfeiters off-balance.
ON THE ROAD
One of the most difficult security challenges is safeguarding components and products during transit between facilities or countries at various points in the manufacturing, assembly, and distribution process. The opportunity for theft is exacerbated by the decentralized structure of most companies’ security programs. Typically, there’s a different security manager in charge of each facility, country, or region. Although each pays close attention to concerns within his or her area of responsibility, there is often limited collaboration between regions. For instance, a security manager in Europe is unlikely to fly to Asia or Latin America to help his counterpart investigate a reported loss that resulted from weaknesses in the supply chain somewhere between the two continents. Thieves recognize and exploit these communication breakdowns.
If cooperation is lacking even among security professionals, how likely is it that non-security managers will make security a priority? There is, for example, little incentive for a logistics manager to implement tighter controls. Logistics and transportation managers are often evaluated (and compensated) on the basis of how quickly and efficiently they can move product between manufacturers, distributors, and retailers. Even if goods are discovered missing from the supply chain, the person responsible for overseeing passage will generally not be reprimanded or questioned, as long as the company’s rudimentary security procedures were followed.
In addition, companies sometimes focus on the cost of a contract without regard to the potential risks of an arrangement. This attitude can cost a company dearly. A manufacturer of disk drives in Malaysia, for example, encouraged the freight forwarder to find the cheapest route possible for transporting goods to California. To reduce transport costs, the firm sent hard drives destined for Los Angeles through Australia. As the shipment passed through the hands of several companies, including an airline, two pallets containing product worth $400,000 vanished. Because so many freight handlers were involved and paperwork was inconsistent along the supply chain, there was no way to know where the cargo was stolen. To make matters worse, law enforcement agencies in Malaysia, Australia, and the United States refused to investigate because it wasn’t clear which agency could assume jurisdiction.
Solutions. As with any business relationship, companies should check the credentials of shippers. It’s also essential to verify that those companies conduct criminal records and reference checks on their employees.
When conducting background checks on transportation companies, the investigator should determine whether each transport company is properly insured against documented losses. This coverage allows the manufacturer to collect damages from the insurance company should any product be stolen or lost in transit. The transportation company should also be asked to disclose the level of deductibles and to demonstrate how the company would cover those costs.
In addition, their audit and control procedures should be examined to make sure that the distribution centers, where product is usually stored for a brief time, are properly secured. Inventory procedures should be checked to ensure that the transport company documents all product as it arrives and leaves the facility. Security should also ensure that these centers have strong access control, surveillance systems, and patrol officers.
High-security cages should be used for high-value product, such as computers. Audible alarms should be in place to alert on-site security officers of a break-in.
Even after hiring a transport company, it’s advisable to check distribution centers periodically. For example, some manufacturers hire contract investigators to conduct quarterly security surveys of distribution centers throughout a transport company’s nationwide network to ensure that security measures and inventory controls are implemented consistently.
The manufacturing company’s security manager should review other security measures used by the transportation company. For example, the manufacturing company should ensure that the transportation contractor uses bar code scanners to keep track of product as it moves. This technology allows the company to check on the status of a shipment as it goes from point A to point B and to verify that all boxes contained in a shipment are present and accounted for when they arrive at their final destination. Under these systems, crates are labeled with a bar code and scanned when they leave the manufacturing facility. They are then scanned at every stop along the way, including arrival and departure from all distribution centers and at the final destination. The system records the time, day, and location of a product when it is checked in and logged out.
Security should check to see whether the transport company uses tamper-resistant seals and locks on cargo trucks. While seals can deter cargo theft, they are largely useless in an investigation unless careful records have been kept that enable the investigator to pinpoint where or when a breach occurred. Security should, therefore, also examine the shipper’s procedures.
The transport company should have a supervisor install the seal after the truck has been loaded, and the seal’s security number should be recorded in a log book. The security number should then be sent to a supervisor at the final destination either by e-mail, fax, or telephone. When the shipment arrives, the supervisor at the final destination should check and record the security number on the seal, which will not have changed as long as the truck has not been opened while in transit.
For high-value items, security should use a transport company that provides electronic tracking of all trucks in transit. Using a Global Positioning System (GPS) transmitter or similar technology, security personnel can track a truck, a shipping container, or individual package along its entire journey. Software at the transport company’s central monitoring station can alert security personnel when product or vehicles are being diverted from their intended course.
If the transportation company does not provide this service, the security manager can request it as a condition of doing business. In addition, the manufacturing company can purchase a tracking device for its own product (at a cost of between $500 and $1,500) and attach it directly to its shipment. It would then have to contract with a third party monitoring facility to track the product in transit, usually at a cost of approximately $30 a month. In the latter case, the transportation company should be told that the manufacturer’s product will be tracked.
Manufacturers should also consider setting up a telephone hot line (usually a toll free number) that can be used in the event that a shipment is delayed in transit. For example, a truck driver could call the hot line to report that his or her vehicle has broken down. The shipper can then dispatch security officers to the area to guard the product until the truck is repaired. In addition, some retail establishments will only accept shipments by appointment. If the truck driver arrives too late, the retailer will not accept the shipment until a new appointment is made. In the past, the trucking company dispatcher would be notified and a new appointment would be set, usually for the following day. The truck driver would then take the shipment to a rest stop for the night, where it would be vulnerable to theft. With a hot line, the delay can be reported directly to the manufacturer, who can arrange to have security at the rest stop with the shipment.
Manufacturers should also look at new technology for sealing cartons, such as tamper-resistant tape. Regular packaging tape can be removed or cut by thieves and then replaced, leaving little evidence that a carton has been tampered with. Tamper-resistant tape, which is only marginally more expensive than regular packaging tape, will change colors or display wording like “Opened” when it has been cut by thieves. (This is done through chemicals contained in the tape that react to any break in the tape.) With this product, truck drivers, security officers, and other workers at distribution centers can be tipped off quickly that a crime has occurred, giving investigators a better chance of finding evidence to solve the crime.
Manufacturers also need to implement internal tracking controls and procedures. Sensitive documents must be secured, and only personnel who are responsible for logging out shipments and logging in deliveries should have access to invoices, manifests, bills of lading, and delivery receipts. When invoices and other documents are traveling with a shipment, they should be secured in a tamper-resistant pouch or envelope that is only opened when the shipment arrives at its final destination. This procedure helps prevent truck drivers and other employees from modifying forms to hide a theft; it also prevents drivers and employees from determining the commodity type and value contained in the shipment.
The manufacturer should restrict access to blank invoices and documents, which could be stolen and forged to hide a crime. Likewise, it’s important to use secure log-on procedures and firewall protection to prevent unauthorized access to computerized inventory and shipping records.
When thefts do occur, a thorough investigation should be conducted. Whirlpool, for example, discovered last year that its washing machines, refrigerators, and components were disappearing when being transported by truck from plants in Mexico to U.S. retailers. An investigator followed a random shipment in his car, and found that one of the trucks containing appliances pulled off the road near Laredo, Texas, apparently a well-used drop point. Thieves carefully removed the hinges from the trailer doors so as not to disturb the door seals, offloaded appliances, and then replaced the doors to hide the crime.
After interviewing the driver, investigators confirmed that he had been bribed to repeatedly assist the thieves by pulling off the road and permitting access to his truck. When given this information, the police were able to track the thieves and break up a well-organized operation that was believed to have been responsible for more than $1.5 million in missing merchandise.
One way to deter this type of crime is for security to implement periodic random investigations of trucks in transit. Under this system, an investigator follows a truck as its leaves the manufacturing area, ensuring that it follows the predesignated route. The investigator also notes whether the driver follows proper security procedures during transit, such as locking down the truck when stopping at rest areas.
Another strategy gaining favor among consumer-products giants such as Panasonic is to ship products in plain cartons not labeled with the manufacturer’s brand name. (Inner boxes containing product bound for store shelves retain logos and descriptions of contents.) Intel and Dell were able to reduce their shipping losses by as much as 80 percent by “plain wrapping” shipments and shrink-wrapping entire pallets of product.
Companies work hard to develop valuable products and to build brand-name recognition that will increase customer loyalty and profits. Managers must work equally hard to keep those assets from being stolen or counterfeited, lest the company’s good name be tarnished and profits lose their luster.
Note. Jeffrey A. Williams, CPP, was the vice president of Pinkerton Asia Ltd. from 1992 until he retired in 2001. Jeffrey now enjoys a life as an independent consultant (in the Philippines,) with more than 15 years experience working investigative and security consulting matters, Philippines-wide. Prior to joining Pinkerton, Williams had a 23-year career with the U.S. Department of Defense as a special agent with the U.S. Air Force Office of Special Investigations. His last assignment was as the counterintelligence and security officer to the deputy commander in chief, U.S. Transportation Command. He runs his own investigative firm in the Philippines, Orion Support Incorporated (OSI), with website: www.osi.com.ph, and can be contacted at email@example.com.