Maritime Regulation & Shipping:

How is the ISPS Code affecting your Business?


By: Karsten von Hoesslin*



On July 1st, 2004, the International Ship and Port Security (ISPS) Code was implemented around the world by order of the United Nations’ maritime body, the International Maritime Organization (IMO).  The ISPS code provides a regulative framework to enhance security both at sea and in ports which all of the 164 members of the IMO adhere to.  The ISPS is typically seen through an international lens, however, it does have domestic implications specifically in the realm of economics.  So the question is; how is the ISPS code affecting your business? 


Along from a pile of paperwork, the implementation of the ISPS code may affect your business (should you be involved in maritime commerce), in two ways; with relative bureaucracy or absolute bureaucracy.  By “involved,” it is implied that you are either a large facility with coastal access that decided to create its own deep water port for the sake of eliminating a third party (such as a major Canadian port) or an exporter leasing hulls (the ships themselves) or containers to ship your goods.  Chances are that after the ISPS implementation date, you will have somewhere in the fine print of the receipt, found an increase in price.  It is also very likely that if you questioned the increase, the answer will be security related.  Should you complain, you will be told that according to international regulation, you should suck it up and pay the fee. 


This, however, requires further examination because the quality of risk assessment is often inaccurate and many business owners or small port facilities are paying far more than they should.  But first, it is necessary to go back to the basics and examine what is at the heart of the matter; the rationale behind the ISPS code.


The ISPS agenda got moving in the wake of the September 11th terrorist attacks.  Though the attacks were on land, the world began looking for the next potential environment susceptible to terrorist activities.  Since it is no mystery that sea commerce has its grey areas, the United States pushed the ISPS code through the IMO in record time.  There was no statistical pattern indicating that commercial ships were to be used for the next terrorist attack and since the notion of “conclusive evidence” has been rather abused as of late, the problem with the ISPS code is that it was pushed through too quickly.  Had the newly established Maritime Security Committee (MSC) of the IMO more time for risk assessment, the implementation of the ISPS code would be more effective.  With more time, the ISPS could have avoided over-bureaucratization and unnecessary overhead to those businesses involved in sea commerce all around the world.  


ISPS requires ships over 500 tons on international voyages to designate a crewmember as a Ship Security Officer (SSO); typically an unpaid position where the unlucky sailor is doing two jobs for the salary of one.  To remain competitive in the age of severe overhead reduction, many ships have skeleton crews (staffed with the bare minimum) so the last thing an overworked seafarer wants, is the extra assignment of regulating security, especially if there is no economic incentive.  Any port handling ISPS-affected ships must also have a Port Security Officer (PSO), and in conjunction with a long list of other acronyms, the port must have perimeter fencing, security cameras, and security guards. 


The world’s megaports such as Hong Kong and Singapore, and major transit areas such as the Panama and Suez canals, do not need a four letter acronym to remind them that security is important.  Since sea commerce is at the heart of their economy, they implemented security measures long before July 2004 while major ports in Europe such as Rotterdam, Antwerpen, and Hamburg have yet to turn an incompliant ISPS vessel away simply for fear of profit loss due to the competitiveness of European ports.  Instead, the European megaports use a pre-ISPS system to determine whether the ship is a risk to the port.  In other words, ISPS to them is just a piece of paper. 


Coming back to businesses using either megaports or developing ports of their own, the ISPS will either prove to be a complete headache with increased overhead or it will give you an excuse to upgrade your miniport facilities for other reasons, yet the bottom line is that no incentive exists to do either of the two.  A pulp and paper mill located on Canada’s west coast decided to avoid a third party system and build its own port facility (a dock) to avoid costly shipments through the port of Vancouver.  Developing their own port saved the mill CAD$750,000 per year; a wise move.  Even after insurance rates increased in the post-September 11th atmosphere (because of ineffective risk assessment), the mill continued to run its mini-port with reduced overhead.  However, once the ISPS code was implemented, which costs the mill CAD$500,000 annually, the reduction in overhead was no longer all that noticeable.  Making matters less appealing, the mill received no incentive from its insurance underwriter for becoming ISPS compliant.  Though the mill admits that ISPS gave them an excuse to upgrade their existing security to prevent unauthorized entry which could lead to a lawsuit or two, it did not receive any incentive from the underwriter to upgrade its security.  This is a problem that nearly every business faces which has decided to cut overhead by building its own port facility.  The mill for example, located in an area with a human population of approximately 2000, is more likely to be a safe haven for seagulls and black bears, knows at least a month in advance the details of the visiting vessel.  There is hardly a case to argue that this port needs upgraded facilities for the sake of greater transparency in the realm of maritime security.


Insurance underwriters are cashing in on poor risk assessment.  They may claim that the current boom in freight is giving ports and shippers record profits, but that is still no excuse to calculate risk improperly.  After all, if underwriters are really falling behind in premium levels proportionately to profit levels earned by shippers and ports, then they would not have a problem exposing their risk assessment formulas.  Surely you can guess the answer (no).                                  


The ISPS code was implemented too quickly without accounting for how insurance underwriters could profit maximize.  Canadian businesses are paying a price and it is far greater than the actual level of risk.  If you are not already losing out due to increased overhead by implementing ISPS, then you will lose out by not getting the incentive you deserve from your insurance underwriter by trying to upgrade existing security facilities.  As far as the author can recall, coastal British Columbia’s black bear community has yet to become an internationally recognized terrorist group.   



* Karsten von Hoesslin is a Research Associate with the Centre for Military & Strategic Studies, University of Calgary and was posted at the International Maritime Organization during the summer of 2004.