Nigeria – Customs Ready (or not) for Destination Inspection Role

Nigeran flagTrade House of Representative Committee on Customs, has expressed satisfaction with the Nigeria Customs Service (NCS) preparedness to take charge of the destination inspection scheme at the expiration of the six months extension granted the Service Providers by the government. Chairman of the committee, Hon. Sabo Nakudu, who disclosed this during the tour to access the performance of service providers, commended the scanners provided by the service providers as part of the contract with the federal government.

Nakudu, however frowned at the Risk Assessment Report (RAR), issued by the service providers which he said is plagued with so much controversies. He noted that the basic reason for the tour, was to confirm the preparedness of the Customs to take over and to ensure that what the service provider delivered, are as expected. According to him, “In most cases, there are instances whereby this risk assessment report are duplicated or un-utilized and instances where a particular consignment being issued with different amount.

“Agencies found (to be involved) in this regard by the committee will be probed to ensure that refund is made to the federal government on the percentages gotten from the RAR duplication.” He warned.

Nakudu maintained that the service is ready and capable of taking over the scheme from the service providers at the expiration of the extension at the end of the six months period. In his words, ” I am convinced that the Customs are trained and as you can see, the scanners are in order, but our major problem is the area of the risk assessment report, because that is where the revenue comes in from.

He also, frowned at the services of connectivity to Web Fontaine, which powers the Automated System of Customs Data (ASYCUDA), over deficiencies in its service delivery, saying that, government pays the firm $6 million monthly, without any commensurate investment and efficiency to show for it.

The committee however toured the scanning operations site in the Lagos Ports Complex, Apapa and the Tin Can Island Port Complex, and also inspected Cotecna Destination Inspection Limited (CDIL) and Global Scan Systems facilities respectively. Source:

I think Nigeria has made a bold (and correct) decision to adopt responsibility for control over its mandate. Many service providers will disagree as do many of the global audit firms who believe that the field of Customs Audit (including AEO) is best outsourced to their domain. It just shows that when business opportunity in the commercial (private sector) domain is not as easy to come by how the focus turns on what public domain opportunity lies in wake for them. The more service providers/consultants in government, the more consultants are needed to oversee what the original ones are doing! This is the sad situation in South Africa at the moment.

Cloud Computing update

Cliffe Dekker Hofmeyr offers an appraisal on the Working Paper on Cloud Computing – Privacy and Data Issues, recently published by International Working Group on Data Protection in Telecommunications. Although the guidelines detailed in the Working Paper are not mandatory, it appears that the intended approach to data protection in the cloud is one of uniformity, with a view to ultimately developing best practice based processing of personal information. It would be interesting to understand to what extent S ATrade Hub  and Microsoft, in conjunction with the Customs of Namibia and Botswana, considered any such guideline in regard to their cloud computing initiative on the Trans-Kalahari Corridor?

The recommendations under the Working Paper highlight some of the risks and complexities associated with cloud computing. The overreaching nature of the Working Paper will serve to ensure that there is no lowering of general data protection standards for processing personal data in the cloud. The Working Paper specifically advocates the following general recommendations:

  • Carrying out privacy impact and risk assessments prior to embarking on cloud computing projects.
  • Development of practices by cloud service providers to ensure greater transparency, security and accountability regarding information on potential data breaches; and also more balanced contractual clauses to promote data portability and data control by cloud users.
  • Research, third-party certification, standardisation, privacy by design technologies and other related schemes in order to achieve a desired level of trust in cloud computing.
  • Legislative reassessment of the adequacy of existing legal frameworks allowing cross border transfer of personal information and consideration of additional privacy safeguards.
  • Accounting for independent audit trails with regards to the location of the personal information. Continuity in the provision of information by data controllers to privacy and data protection authorities. These recommendations are aligned to the general principles set out in the European Union and Safe Harbor data privacy frameworks.

The Working Paper also provides more specific recommendations, on ‘best practice’, ‘controllers’, ‘cloud service providers’ and ‘auditing’. These specific recommendations contemplate the implementation of technical measures that can be used to determine the exact physical location where personal information is held and stored, with an audit trail specifying any copying and/or deletion of personal information. In addition, the Working Paper includes a suggestion for encryption of all personal information (both at rest and in transit) and also recommends the conclusion of agreements between data controllers and cloud service providers to expressly designate and limit the physical locations where personal information will be processed. The Working Paper specifically provides that the cloud service provider should not be entitled to use personal information in the cloud for its own purposes.

It is likely that significant steps will need to be taken by cloud service providers in order to comply with the recommendations under the Working Paper and/or applicable data protection laws, which may potentially require substantial financial resources, including for procuring and implementing the appropriate technology required to give effect to the recommendations and/or laws.

In the South African context, the principles under the current draft of the Protection of Personal Information Bill(PPI) (in particular, the provisions which relate to the conditions for lawful processing of personal information and transborder information flows) can be aligned to the recommendations under the Working Paper. The real test for cloud service providers and their customers will however be in the practical implementation of the principles under PPI. Many of the recommendations under the Working Paper will serve to provide guidance in this respect, particularly in the measures which need to be implemented to maintain a level of transparency in the supply chain of personal information in the cloud. Source: