Once you pass AEO's baseline hurdles — a clean customs/tax record and two years of audited financials — DJBC shifts focus to your management system. This is where the seven special requirements come in. These aren't vague suggestions; they're concrete operational and governance criteria that auditors will scrutinize during validation. Understand each one now, and you'll move through DJBC's process far more smoothly.
1. Compliance with Customs and Related Laws and Regulations
What it means: DJBC wants documented proof that your company understands and follows customs law, tariff classification, declared-origin rules, restrictions and prohibitions (lartas), and related regulations.
What auditors expect: A formal compliance manual or procedures that cover:
- Tariff classification methodology and staff training records
- Origin-determination process (e.g., ROO for FTA goods)
- Restricted-commodity procedures (hazmat, agricultural goods, etc.)
- Declared-value methodology and supporting documentation
- Proof of customs-duty and tax payment compliance (past 3–5 years)
They'll also interview your AEO Manager and tariff specialist, asking specific questions like: "Walk me through how you classified this shipment's HS code" or "Show me your evidence of origin verification for this export."
Common pitfall: Generic compliance procedures copied from ISO standards, with no evidence of actual application. DJBC wants to see real examples: past shipments, classification decisions, duty calculations — the actual practice, not the theory.
2. Trade Data Management System
What it means: You must track, record, and maintain detailed data on your trade transactions in a structured, auditable system. This isn't just invoices; it's an organized database linking shipments, declarations, payments, and compliance events.
What auditors expect:
- A written TMS procedure describing how data flows from order through shipment and customs clearance
- Evidence of IT systems (ERP, customs broker portal, internal database) used to capture and organize trade data
- Sample query outputs showing how you retrieve shipment history by importer/exporter/product/period
- Retention policy (typically 5–7 years minimum)
- Controls against data loss (backups, version control, access logs)
- Proof that you reconcile declarations filed with DJBC against actual shipments and invoices
Common pitfall: Relying entirely on your customs broker's systems, with no independent backup or verification at your end. DJBC expects you to maintain your own master record, even if a broker files declarations on your behalf.
3. Financial Capability
What it means: DJBC must be confident you have the financial resources to maintain compliance and handle customs obligations. This goes beyond audited financials (the baseline); auditors want to see active cash flow and adequate working capital.
What auditors expect:
- Latest management accounts or interim financials (if seeking certification mid-year)
- Bank statements showing regular trade-related deposits and customs-duty payments
- No history of bounced cheques, unpaid customs duties, or tax arrears
- Proof of adequate insurance (marine, general liability) and surety/performance bonds if required
- For importers, evidence of regular letters of credit or payment capability for duty
- Debt-to-equity ratios and debt-service coverage ratios within reasonable ranges
Common pitfall: Presenting only historical audited statements without current-year evidence. If you're applying in June but your latest statements are from December, provide a certified interim balance sheet and cash-flow statement from your accountant.
4. Consultation, Cooperation, and Communication System
What it means: You need formal channels and procedures for staff and external stakeholders (customers, suppliers, DJBC) to raise questions, escalate concerns, and provide feedback.
What auditors expect:
- Documented communication procedures (e.g., a compliance hotline, email channel, regular town halls)
- Records of staff consultations or feedback received and acted upon
- Evidence of regular communication with DJBC (liaison meetings, written inquiries answered, incident reporting)
- A complaints log showing how you handle customs-related issues or stakeholder concerns
- Training rosters showing AEO Manager's engagement with ops teams
Common pitfall: Communication systems that exist on paper but no evidence of actual use. DJBC will ask: "Show me examples of feedback you've received and how you responded." If the log is empty, they'll assume you don't use the system.
5. Education, Training, and Awareness System
What it means: Your team must understand customs regulations, your company's AEO obligations, and their role in compliance. This requires a formal training plan and records.
What auditors expect:
- A documented training policy covering:
- Annual training schedule for AEO Manager, customs staff, and operations teams
- Training content (customs law, internal procedures, new regulatory changes, security protocols)
- Delivery method (classroom, online, workshops)
- Training rosters and attendance records for the past 12–24 months
- Training materials or course outlines
- Post-training assessments or quizzes to verify comprehension
- Evidence of new-hire onboarding covering AEO and compliance basics
- Refresher training records (at least annually)
Common pitfall: One-off training session followed by silence. DJBC expects continuous learning, especially when regulations change (e.g., new lartas on specific products). Your log should show training in June, September, and December — not just January.
6. Security and Safety Management System
What it means: You must have physical and procedural controls to prevent cargo theft, tampering, smuggling, and unauthorized access.
What auditors expect:
- Physical security measures documented:
- Facility access controls (gates, locks, ID badges)
- CCTV coverage and retention policy
- Cargo storage procedures (segregation of held vs. released goods, restricted-commodity storage)
- Vehicle security (if you're a carrier or consolidator):
- Vehicle inspection before and after use
- Driver identity verification
- Sealing procedures and seal registries
- Personnel security:
- Background checks on staff with cargo access
- Code-of-conduct policy and staff sign-off
- Incident-reporting procedures
- Cybersecurity (for IT systems holding trade data):
- Access controls and password policies
- Audit trails of data changes
- Business continuity and disaster-recovery plan
Common pitfall: Assuming "we have locks on the warehouse" is enough. DJBC wants documented procedures, evidence of compliance (CCTV clips, access logs, inspection records), and a regular audit to confirm the system works in practice.
7. Measurement, Analysis, and Improvement System
What it means: You must monitor compliance, measure performance, identify gaps, and act on findings. This is your continuous-improvement engine.
What auditors expect:
- A documented audit plan:
- Annual internal audit schedule covering all AEO requirements
- Audit procedures and checklists
- Names of internal auditors (should be independent from operations)
- Internal audit reports for the past 12–24 months showing:
- What was audited
- Findings and non-conformities
- Root-cause analysis
- Corrective actions and evidence of closure
- KPIs and metrics tracked:
- Customs-declaration accuracy rate
- On-time shipments
- Tariff classification error rate
- Training completion rate
- Security incidents (none is ideal)
- Management review:
- Records of AEO Manager + leadership reviewing audit findings and KPIs (at least quarterly)
- Minutes showing discussion of risks, opportunities, and improvements
- Evidence of corrective and preventive actions:
- If you found a gap in your March audit, you should show evidence that you fixed it by June
- If a DJBC auditor flags an issue, you should respond with a corrective action plan within 30 days
Common pitfall: Conducting an internal audit once a year and filing the report away. DJBC expects continuous monitoring. Your system should include monthly compliance checks, quarterly risk reviews, and documented follow-up on every finding.
Pulling It Together
These seven requirements aren't silos — they interconnect. Your trade data system feeds your compliance procedures; your training ensures staff know those procedures; your security protects the data; your internal audit checks that everything works; and your communication channels surface problems early.
When you prepare your AEO manual, don't create seven separate documents. Instead, build an integrated management system where compliance, training, data, security, and improvement flow together. That's what DJBC is really assessing: Does this company have a functioning system, or just a paper exercise?
Ready to Build Your AEO System?
Learn more about our AEO certification service →
RKM Consulting can help you develop each of these seven requirements as an integrated system, complete with templates, training, and DJBC validation accompaniment.