Request a demo

Reducing CBP Form 29 Risk: A Guide for Importers

What Every U.S. Importer Needs to Know About Illegal Transshipment, CBP Enforcement, and How to Protect Your Business

Article
May 19, 2026
Kit
Conklin
Chief Strategy & Global Affairs Officer

The penalties are not theoretical. Importers caught in an illegal transshipment scheme by U.S. Customs and Border Protection (CBP) — even unknowingly — can face retroactive duty assessments of hundreds of percent above declared rates, inventory seizure, loss of import privileges, suspension from trusted-trader programs, and criminal prosecution under 19 U.S.C. § 1586. CBP has the authority to look back five years.

Sector Exposure

Industries under Active CBP Targeting

CBP and Customs Trade Partnership Against Terrorism (CTPAT) guidance now identify entire industries that are being actively targeted, and enforcement actions are arriving in the form of quiet, easily-overlooked requests for information that can quickly snowball into multi-million dollar penalties.

Steel & Aluminum

Textiles & Apparel

Automobiles & Auto Parts

Electronics

Solar Panels

Agricultural Products

Wooden Furniture

Semiconductors

Critical enforcement signal

What is a CBP Form CF-28 and Why Does It Matter?

Most importers don’t realize that before CBP escalates a transshipment concern to a formal investigation, it typically sends a quiet but powerful signal: Customs Form 28 (CF-28), “Request for Information.” This is not a courtesy. It is an official demand under Section 509(a) of the Tariff Act of 1930, and how you respond — or fail to respond — determines what happens next.

A CF-28 is typically triggered when CBP finds incomplete, inaccurate, or suspicious information in your entry documentation. In the context of transshipment, it means CBP has already flagged your shipment as potentially misrepresenting country of origin, valuation, or classification.

DAY 0
CF-28 Issued

CBP sends a formal Request for Information to you, your customs broker, or via your ACE portal. The clock starts immediately.

DAY 30

Response Deadline

You have 30 days to provide a complete, accurate response. This timeline is often insufficient to gather supplier documentation, especially from overseas manufacturers. Extensions can be requested — but must be documented.

If Inadequate

CBP Issues CF-29 Notice of Action

CBP can unilaterally assess additional duties — including Section 301, Section 232, or AD/CVD — without your input, and may open an EAPA investigation.

Escalation

Formal Investigation and Penalties

EAPA investigations can result in duty deposits on all future imports, retroactive assessments, penalty actions, and criminal referral. CBP has authority to review five years of import history.

Proactive Requirements

Red Flag Indicators CBP Expects You to Monitor

CBP’s CTPAT guidance makes clear that importers are expected to conduct ongoing supply chain risk assessments and identify red flags proactively. Failure to do so — and failure to detect the following indicators — undermines your “reasonable care” defense.

No substantial transformation in the transshipping country — repackaging alone does not count as origin change
Discrepancies in trade volume between exports reported to origin-country customs and CBP imports
Overly complex transaction structures without clear and legitimate commercial purpose
Section 304 markings (Tariff Act of 1930) that do not accurately reflect true country of origin
Country of origin labeling that doesn’t match the manufacturing capabilities of the declared country
Routing through low-cost or FTA-friendly countries with no logical supply chain justification
Significant deviation from a supplier’s historical trade patterns or dubious pricing of goods
Freight forwarders declining to provide export services for dual-use items — a U.S. Department of Commerce’s Bureau of Industry and Security (BIS) red flag
Customer Expectations

What CBP Requires and Where Companies Fall Short

The CTPAT alert is explicit about what’s expected of members. Each requirement creates a workflow problem most companies cannot solve manually.

CBP REQUIREMENTS

Conduct strong risk assessments to identify shipments of potential concern

Vet all foreign suppliers against program minimum-security criteria

Build relationships with suppliers and business partners

Maintain notification procedures when anomalies are detected

Verify country-of-origin (COO) markings before importing

CHALLENGES WITHOUT EXIGER SUPPLY CHAIN AI

Manual review can’t scale across global supplier networks

Supplier vetting is time-consuming and data is fragmented across jurisdictions

No visibility into nth-tier suppliers — you only know who you buy from directly

Anomaly detection requires structured data and change monitoring at scale

COO verification requires cross-referencing trade data, not just reviewing documents

The Importer's Action Plan

What Importers Should Do Now to Meet Requirements

CBP’s enforcement posture is clear: importers cannot rely solely on supplier representations. The following workflow reflects what CTPAT guidance — and courts — define as reasonable care in preventing transshiptment exposure.

01

Map and Vet Your Full Supply Chain

Know every tier of your supply chain — not just your direct supplier. Verify that the declared manufacturing country has the capacity and infrastructure to produce the goods at the volumes you are importing. Conduct factory verification where feasible.

02

Conduct Ongoing Risk Assessments

Implement a format, documented supply chain risk assessment process aligned with CTPAT minimum-security criteria. Review for AD/CVD exposure, tariff applicability, and country-of-origin verification on every product category you import. 

03

Verify Country of Origin Documentation

Per Section 304 of the Tariff Act of 1930, all foreign-origin goods must be properly marked. Verify certificates of origin and HTS classifications are accurate before filing entry documents. Fraudulent COOs from suppliers do not transfer liability away from you.

04

Monitor for Red Flag Indicators in Real Time

Establish internal controls to flag anomalous routing, pricing deviations, unusual transaction structures, or suppliers with inconsistent trade volumes. These are the same data signals CBP uses to identify evasion schemes.

05

Know Your Freight Forwarders

Use only trade facilitators with sound export management and compliance programs. BIS guidance warns against routed export transactions unless a long-standing, trusted relationship exists with all parties in the transaction.

06

Have an Anomaly Notification Procedure

CTPAT requires members to have documented procedures for detecting and reporting anomalies. If something looks wrong, your team must know who to call — both internally and at CBP. Suspected violations can be reported through CBP’s e-Allegations system.

07

Respond to CF-28s Immediately and Strategically

If you receive a CF-28, do not treat it as administrative routine. Engage legal counsel and trade compliance experts immediately. Respond within 30 days. Assess whether a Prior Disclosure submission is warranted to mitigate penalties. Audit your broader import history for related exposure across the past five years.

Take Control of Your Compliance Posture

How Exiger Helps

The 1ExigerAI platform helps organizations find blind spots in their supply chains before disruption hits — turning reactive compliance into proactive defense.

Supplier Network Mapping

Connect relationships across suppliers, sites, and upstream dependencies down to the nth tier.

Real-Time Risk Monitoring

Continuous sanctions, regulatory, and trade-pattern surveillance with anomaly alerts.

Regulator-Ready Documentation

Traceability artifacts and audit trails that let you respond to a CF-28 with confidence.

Get an Exposure Assessment

Your Suppliers Have Blind Spots. Exiger Finds Them First.

Exiger provides the only purpose-built illegal transshipment detection capability used by CBP — which is now available to importers who need to find the same risks before enforcement agencies do. Don’t wait for a CF-28 to indicate your exposure.

LEARN HOW EXIGER CAN HELP 
insights

Perspectives

SEE ALL
ai-expo-2026-brandon-daniels
Article
A New Domain of Warfare: Supply Chains, AI and the Fight for Economic Dominance
supply chain command - featured
Article
Supply Chain Command: What CSCOs Need Before the Next Alert Hits 
Podcast Preview Feat Image
Podcast
Exiger Exchange Episode I | The Supply Chain Risks Behind the Trump–Xi Summit
1exigerai-ai-native-operating-system
Product Tour
Tour 1ExigerAI
P1 Press Release - PRN
Analyst Report
Exiger is the Highest in Execution and Furthest in Vision in the Gartner® Magic Quadrant™ for Supplier Risk Management Solutions
Email MQ Header (1200 x 630 px) (1)
Article
Exiger is Highest in Execution and Furthest in Vision in Gartner® Magic Quadrant™ for Supplier Risk Management Solutions
5 Supplier Risk Management Shifts
Article
5 Supplier Risk Management Shifts Gartner Is Surfacing for 2026
Thumbnail-uniting_supply_chain_resilience_and_cyber_preparedness
Podcast
Uniting Supply Chain Resilience and Cyber Preparedness
AHA and Exiger
Horizontal LinkedIn Graphics - April 2026 (1)
Client Alert
China Halts Sulphuric Acid Exports as War Squeezes Global Supply
Risk Awareness to Advantage Webinar 3 - Perspectives
Webinar
From Risk Awareness to Supply Chain Advantage - Session 3: Preparing for & Responding to Disruption
Session 3
swiss-pdf-1-featured
White Paper
The Hidden Gap in Model-Based Product Definition – and How to Fill It
swiss-pdf-2-featured
White Paper
Eight Hidden Costs of Using Analog Data in Modern Engineering Workflow