Control Framework

Organization personnel
Competence and professional qualifications
Risk register
Incident registration
Computerization and administration
Schematic overview

Organization personnel

The terminals are managed by the local management team under the direction of the General Manager. The Commercial Manager reports to the General Manager and is responsible for commercial and related support functions, including customs. Responsibility for customs matters lies with the CSC Manager, who reports to the Commercial Manager.

ETT and ETA both have dedicated customs resources. The customs employees at the terminal are supported proactively and upon request by the CGT team at HQ.

Customs employees at the terminals have a hierarchical reporting line to the CSC Manager and a functional reporting line to CGT.

An organization chart of each terminal is included as annex:

ETT - Org chart.pdf

ETA - Org chart.pdf

More details on how the C&E function for terminal services is organized from a group perspective is included here.

Competence and professional qualifications

All employees engaged in customs-related activities have successfully completed training covering applicable customs legislation, aligned with and proportionate to their respective roles and levels of involvement.

To remain up to speed with relevant customs and excise legislation, all VTTI employees involved in customs and excise matters are also subject to a comprehensive, ongoing training program. The program can consist, among other things, of the following elements:

For less experienced employees: Training programs at recognized educational establishments, such as Evofenedex or similar;
For all employees involved in customs matters: Annual internal customs and excise training, organized by CGT;
For all employees involved in customs matters: Internal toolbox training sessions (organized by CGT in case of relevant legislative changes or other relevant developments);
For all employees involved in customs matters: E-learning program in BzCtrl;
For all employees involved in customs matters: Webinars organized by Customs and other relevant authorities;
For all employees involved in customs matters: External conferences concerning customs matters.

The CGT team is responsible for the training program and determines which trainings are followed by which employee.

Risk register

All customs and excise compliance risks identified by VTTI are centrally captured in a risk register. For each identified risk, appropriate mitigating measures are implemented. The risk register provides a clear overview of the relationship between risks and their corresponding controls, enabling visibility of both the identified risks and the measures in place to manage them at a glance. Mitigating measures may include internal controls, automated checks or validations within ERP systems, or specific work instructions.

The risk register is included here

Incident registration

An important element of VTTI’s control framework is incident registration. All employees involved in customs-related activities are trained to identify situations of (potential) non-compliance and to report these. Incidents are registered in the incident registry in BzCtrl.

Registered incidents are discussed by the terminal customs team during the weekly stand-up meeting. Where appropriate, the customs team implements corrective actions to address non-compliant situations. In addition, the team assesses whether further measures are required to reduce the risk of recurrence. Such measures may include additional employee training, updates to work instructions or procedures, improvements in ERP, or the implementation of enhanced internal controls.

Incidents that require additional attention or are relevant from an AEO perspective are reported to the CGT team.

On a quarterly basis, an incident review is conducted during which CGT and the CSC managers of ETA and ETT evaluate incidents from the preceding quarter, identify measures to mitigate the risk of recurrence, and define follow-up actions.

Computerization and administration

ERP

To ensure compliance with its authorisations, VTTI strongly relies on its ERP system and the measures of internal control therein.

VTTI currently operates an ERP system called ATLAS. ATLAS has been developed in-house to ensure it aligns closely with the specific requirements of the tank storage terminal business. All relevant activities are registered in Atlas.

ATLAS interacts with CMS, VTTI’s customs module, through an interface. Based on standardized, predefined business rules, CMS reviews data input, generates documentation, submits declarations, and provides feedback to the user.

A detailed description of the process governed through ATLAS and CMS is included here.

The previous ERP system, Tomcat, is currently still operational at a number of terminals awaiting the phased, terminal-by-terminal rollout of ATLAS.

The software specialists who manage the ERP system from a technical perspective are employed by VTTI Terminal support services B.V. and have their permanent place at the head office in Rotterdam, the Netherlands.

With regard to the operation of VTTI’s ERP system, the following procedures are relevant to hardware, software, and access control in order to prevent system outages and security breaches.

A detailed description of the IT Authorisation procedure is included here

A detailed description of the Data security procedure is included here

A detailed description of the Technical data procedure is included here

Quality online

Within the VTTI Group, the management system tool QOL is available worldwide as both a document management and reporting tool.

When it comes to customs and excise, QOL is used for:

storage of work instructions
HSE

BzCtrl.

VTTI uses BzCtrl. as its compliance platform specifically for customs, excise and AEO-compliance. Key functions are:

Domains and workspaces – BzCtrl. is structured into multiple domains and workspaces, allowing user‑specific access rights to be defined so that only elements relevant to a particular user are visible.
Risk register – All identified customs-related risks are centrally documented. The risk register plays a central role in VTTI’s control framework. Each risk is mitigated through measures designed to keep the risk manageable.
Document management – The AO/IC, procedures, work instructions, and other relevant customs & excise documents can be accessed and updated centrally in BzCtrl. BzCtrl includes a revision history function, allowing updates to be monitored and earlier versions to be retrieved. Access rights and authorization to make updates can be granted to specific individuals, or documents can be marked as private, limiting access to a defined group of colleagues.
Internal controls – Customs and excise related ICs are integrated in BzCtrl. They can be assigned to a specific user, including a fixed recurrence term, deadline and reviewer. The results of internal controls are made accessible via BzCtrl.’s dashboard function.
Incident register – Customs compliance incidents (at HQ or at one of the terminals) are registered centrally in BzCtrl, providing the CGT team with real-time insight, and enabling the team to take measures as needed.
Archiving – Documents relevant for customs & excise can be stored in the system.
E-learnings – BzCtrl. is VTTI’s central tool for customs- and excise-related e‑learnings, which can be assigned to specific users based on content and role.
To-do – BzCtrl’s to‑do function makes the system suitable for use as a project management tool, enabling the tracking of actions, the setting of deadlines, and the assignment of actions to specific users.

Schematic overview

Schematically, VTTI's C&E control framework is set up as follows: