A letter arrives from CBP's Regulatory Audit office. It reads politely — a summary of your import activity, a suggestion to review a few compliance publications, a reminder that disclosures exist. Easy to file away as routine correspondence.
It isn't routine. It's the first rung on a ladder, and every stage above it narrows your options a little more.
The CBP Enforcement Escalation Ladder
Each stage narrows your options — knowing where you are changes what you should do next.
Informed Compliance Letter
CBP flags your company for closer review — often because you haven't been audited in years, or your import data raised a risk signal.
Focused Assessment Begins
A comprehensive audit of your internal controls, run in up to three phases: a Pre-Assessment Survey, Assessment Compliance Testing, and a Follow-Up Audit.
Prior Disclosure Window Closes
The trigger is knowledge, not a formal notice — even a written finding in an ordinary audit email can start the clock. Once you know, self-disclosing no longer counts as "prior."
Pre-Penalty Notice
CBP proposes a culpability level — negligence, gross negligence, or fraud — under 19 U.S.C. § 1592(b)(1), and gives you a window to respond before any penalty is finalized.
Penalty Notice
The formal penalty is issued, calculated by culpability tier and merchandise value, with options to pay, offer a compromise, or petition for mitigation.
#FocusedAssessment · #PriorDisclosure · #CBPPenalty
Stage 1 — The Informed Compliance Letter
CBP sends these letters to flag importers for closer attention — often companies it hasn't audited in years, or ones whose import data has tripped a risk signal. The letter itself won't say "you are being audited." It says something closer to: here's your top import activity, here are some Informed Compliance Publications worth reviewing, and here's a reminder that prior disclosure exists.
Receiving this letter means CBP's Regulatory Audit function has already looked at your transactions and found something worth a closer look. Treating it as junk mail is the single most common mistake companies make at this stage.
The letter is, functionally, an invitation to self-review before CBP does the reviewing for you. Companies that use this window to run their own internal audit are in a meaningfully different position than companies that don't — for reasons that become clear at Stage 3.
Stage 2 — The Focused Assessment
If CBP moves forward, the next stage is a Focused Assessment — the most comprehensive audit program CBP runs for importers. It's built in up to three phases:
CBP is required to give advance notice before starting, along with a reasonable estimate of how long the audit will take, and you're entitled to an entrance conference where CBP walks through the audit's purpose and scope. This is a real audit, not a documentation request — a Focused Assessment can run for months.
Stage 3 — Why the Prior Disclosure Window Actually Matters
This is the stage most companies misunderstand, because it isn't really a "stage" that happens to you — it's a door that closes on its own, on a schedule you don't control.
The trigger isn't an official "Notice of Investigation" letter — it's knowledge. Once an audit team communicates a finding or problem in writing, even in something as routine-looking as a status email or a draft report, that written finding is enough to start an investigation and close the window. An audit in progress, on its own, is not yet an investigation — but the moment CBP puts a specific finding in writing, it can become one.
- A prior disclosure has to be made before you have knowledge that CBP has commenced a formal investigation into the issue — that's what makes it "prior"
- Once that window closes, self-disclosing the same violation no longer caps your exposure the way a timely disclosure would have
- An audit itself isn't automatically an investigation — self-testing and open discussion during a Focused Assessment generally don't trigger one on their own
- The Informed Compliance Letter and the early phases of a Focused Assessment are exactly the moment to run your own internal review and disclose what you find — before an audit-team email turns "reviewing" into "investigating"
- A validly filed prior disclosure can substantially reduce, and in some cases effectively eliminate, penalty exposure beyond the duty owed
The practical implication: the two "quiet" stages above (the letter, and the early PAS phase of the audit) are the highest-leverage moment in the entire ladder. Everything after this stage is CBP building a case; everything before it is still, in part, your call.
Stages 4 and 5 — Pre-Penalty Notice and the Final Penalty
If CBP concludes a violation occurred and prior disclosure isn't in play, the case proceeds under 19 U.S.C. § 1592. CBP first issues a pre-penalty notice, proposing a culpability level — negligence, gross negligence, or fraud — and giving you a defined window to respond in writing before anything is finalized.
The culpability tier CBP proposes here isn't fixed. A well-documented response — showing the classification rationale you actually relied on, the reasonable care your process reflects — can move a case from gross negligence toward negligence, which changes the penalty math considerably.
If CBP proceeds past that response, the formal penalty notice follows, calculated from the culpability tier and the value of the merchandise involved. From there you can pay it, offer a compromise, or petition for remission or mitigation — but the negotiating position at this stage is far weaker than it was at Stage 1.
The Pattern Across All Five Stages
Every stage on this ladder is CBP giving you one more chance to fix something before the next stage removes that option. The ladder only escalates in one direction once you stop acting on it.
The Informed Compliance Letter, the Pre-Assessment Survey, and the moment before a formal investigation opens are the same opportunity wearing three different names: review your own transactions honestly, and disclose what you find, before CBP's process does it for you.
How Declaro Reads This
Declaro's classification engine exists for the stage that matters most and gets the least attention — the quiet review before anything is flagged. Running your own portfolio against 220,000+ CBP CROSS rulings surfaces the classification questions worth a second look before an Informed Compliance Letter ever arrives, not after.
That's the difference this ladder is actually testing: whether your compliance process finds the problem first, or CBP's does.
Declaro is AI-powered HTS classification and duty recovery for licensed customs broker firms. Built on 220,000+ CBP CROSS rulings. Learn more →
