Customs Risk Management Framework (CRMF)

The common risk criteria and standards 

The Commission has adopted a set of common risk criteria (CRC) for EU countries to apply in their risk analysis systems. The criteria are set out in an implementing act based on the empowerment of Article 50(1) UCC, which is not public for obvious reasons. 

The CRC is primarily used to: 

• identify consignments/goods that could seriously affect the security and safety of the EU and its citizens
• provide equivalent protection across the EU’s external border based on common risk analysis 

The customs office where goods and declarations are presented is responsible for processing declarations and analysing risks. However, customs at the first EU point of entry have a legal obligation to carry out security and safety risk analysis, based on the CRC, on all cargo regardless of the EU country of destination. Consignments crossing the EU border are thus screened on the basis of those criteria 365 days a year. 

Priority control areas 

Priority control areas (PCAs) are the CRMF’s key mechanism for allowing the EU to designate specific areas to be treated as a priority for customs control. These areas are subject to more stringent customs controls carried out in a coordinated manner based on common risk criteria and real-time exchange of risk information. 

PCA characteristics 

Priority areas may relate to any customs procedure, types of goods, traffic routes, modes of transport or economic operators. These areas are subject to increased levels of risk analysis and customs control for a pre-determined period, with the possibility of an interim review. 

PCAs have built-in assessment procedures and flexibility for EU countries to ensure that the control procedure to be taken is not disproportionate or unduly disruptive in terms of how it affects trade flows within an EU country or at a particular port or border crossing. 

The Commission, together with the EU countries, has used the PCA mechanism to deal with counterfeit medicine, drug precursors and issues with the valuation of textiles, smuggling of cigarettes and control of dual-use goods. 

Exchange of risk information 

The Customs Risk Management System (CRMS), set up in 2005, provides a fast and easy-to-use mechanism for operational officials and risk analysis centres in EU countries to directly exchange risk-related information. 

It covers a broad range of possible risks such as: 

• security risks related to explosives
• safety risks related to health, the environment or product safety
• financial and commercial risks including those related to intellectual property rights and cash controls 

This exchange of information was particularly useful during the COVID-19 pandemic, when large quantities of medical goods needed to be swiftly checked and cleared for use. The CRMS is key to developing an EU risk management framework as it enables EU-wide customs intervention for the highest risks at the EU’s external border and within its borders. 

On 1 January 2022, the CRMS was comprehensively reshaped to provide EU countries with a state-of-the-art system known as CRMS2 which:  

• enables quick and easy real-time exchange of risk-related information between customs administrations
• provides tools to speed up the communication between customs offices of different EU countries
• manages a central database of risk and control related information 

Alerts (by means of, e.g. the risk information form (RIF)) can be instantly sent to any customs office to ensure risks identified at one border crossing are properly addressed at another border crossing. 

CRMS2 connects the customs communities in all EU countries as well as in Norway and Switzerland. This includes all international ports, airports, major land border posts and all national risk analysis centres. 

Approximately 670 customs offices and national centres and over 2 900 customs officers and risk experts are connected to CRMS2, covering the whole of the EU’s external border. It also includes a detection corner section allowing officers to share risk-related X-ray images as well as cases involving detection dogs.  

CRMS users are: 

• risk and control experts from customs administrations
• European Commission experts on issues related to customs risk management and risk information 

Information contained in CRMS2 is sensitive and is for customs use only. The public cannot access it. The privacy statement provides explanations on the processing of personal data in CRMS2. 

If you are a customs officer and you would like to get access to CRMS2, please contact your national risk management office.