W . flay o: . .L It». 1... ”.1 r 1X .an... . baby“, Vtfim. . if... .3. hr. Evita-.1 :1.“ 3 .1323. .3. kn: .1... w. . v.11..v...n.!$.. .. l:l..n5........2. \l‘... . .31 )JVn.’x .\ . :55ra... . 53:... ..».....t..n...h«v .. .m Wu....:.=.2.. ”$3.3m? 3% . % . at... fin... .n... 5%“ {$6qu ”.naflhmwn. afin £93..th n :2 til; 3. L": .;!g h 4 t5.... .1. .flfinm. fight)”. .t.3l$‘:'t ‘33.}! Tlgtig‘u lit......s 1.3.1.525. “Halt. {tins}. 1.13.52 H.102... iv...xei. .Ktntht It .4." .fin. 3.5!“. MINNIE. .Ittttcnr. :5 hr. ziltt. . . inlwfltrlrnnflnuufl In 1...... ISO-i . . x L :N.ltn.b.!hfl air.‘§t Iufldrluvlir.la:w : .1..t.ntn.1.. . a}. a“... “an”: r. In 5. 1 a . ’{Inl‘l 91...?! I! .t :52. .....II.:...... .115“ fi...:....: s 1.6: fir. 1135:. n52! 1:10;..3.‘ >3 This is to certify that the dissertation entitled ANALYSIS OF COUNTERFEIT RISKS AND DEVELOPMENT OF A COUNTERFEIT PRODUCT RISK MODEL presented by JOHN WILLIAMS SPINK has been accepted towards fulfillment of the requirements for the Doctoral degree in Packaging // "W - 7 Major Professor’s Signature é/fla/a 7 I I ' Date MSU is an Afiirmative Action/Equal Opportunity Employer ANALYSIS OF COUNTERFEIT RISKS AND DEVELOPMENT OF A COUNTERFEIT PRODUCT RISK MODEL By John Williams Spink A DISSERTATION Submitted to Michigan State University in partial fiilfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY Packaging 2009 ABSTRACT ANALYSIS OF COUNTERFEIT RISKS AND DEVELOPMENT OF A COUNTERFEIT PRODUCT RISK MODEL By John Williams Spink Product counterfeiting is growing in both scope and scale. There is a need to take a holistic, all-encompassing approach to the anti-counterfeit strategy, including the development of a Counterfeit Product Risk Model. This research process collaborated and leveraged a wide variety of academic and industry expertise utilizing a literature review and interdisciplinary peer consultation to develop the Counterfeit Product Risk Model for consumer products. The range of disciplines for the research included: Packaging, Food Safety, Criminal Justice, Supply Chain/Logistics, Risk Analysis/Risk Assessment, Food Law, Food Safety, Food Defense, Intellectual Property Rights Law, Political Science, and Social Science. For example, the Criminal Justice concepts include “the chemistry of a crime” and “the crime triangle.” The Counterfeit Product Risk Model focuses on the probability portion of a traditional probability versus severity matrix, uses qualitative ranking, and due to the nature of the risk and the data, emphasizes extensive use of expert panels. This research defines five factors related to counterfeiting: Counterfeit-History, Counterfeit-Attractiveness, Counterfeit-Ability, Counterfeit-Hurdles, and Market Profile. The Model defines the derivation and integration of sub-factors, which “roll-up” to determine the rank of the factors. The model was then validated using a survey of 33 industry and agency experts. The survey included 17 ratings by people at a Corporate or Vice-Presidential level, and included six $1-$5 billion revenue companies and sixteen over $5 billion revenue companies. A broad and representative balance of industries was included: food, beverage, healthcare, pharmaceutical, medical device, law, finance, insurance, risk, consumer electronics, software, industrial original equipment manufacturers, and consumer packaged goods. “Assessing Agreement” analysis was conducted on the surveys and the interpretation of the result was an “almost perfect agreement” with the model. F leiss’ Kappa analysis was conducted to assess agreement over random chances, and this result was also an “almost perfect agreement.” The research included a Case Study to demonstrate the use of the Model. This research provides a valuable analysis of anti-counterfeit strategy, including an extensive look into the historical information. It provides a theoretically supported Counterfeit Product Risk Model that will assist in disrupting the “chemistry of the 9, crime. Copyright by JOHN WILLIAMS SPINK 2009 DEDICATION From my 1991 MSU Packaging Master of Science Dedication: This thesis is dedicated to my parents, sister, grandmothers and great aunts who encouraged and supported my graduate education. They instilled in me a desire to learn and raise myself to a higher level. They instilled in me the desire to fulfill my high self-expectations. They instill in me the idea that I can do anything. This dissertation is dedicated to my parents who look to make the world a better place. This dissertation is dedicated to my children, Celia and Kirill, who drive me to want to make the world a better place. But mostly, this is dedicated to my lovely wife who was my constant companion, supporter, and co-innovator. She helped refine and support the shared vision that is evidenced in this document and my life’s work. ACKNOWLEDGEMENTS I would like to thank the following people, without whom this work would not have been possible: Dr. Bruce Harte, for his guidance, expertise, support, camaraderie, and endless patience while serving as Advisor. I am indebted to him for first, helping identify this as a research topic, and second, for both giving me the free reign to explore the topic but also to drive me towards applicable ends. This work, and the expanding research area of Anti-Counterfeit Strategy, is a tribute to his vision. Dr. Ed Mather, for his unyielding support and encouragement of all my endeavors. I am especially indebted to him for originally bringing me back to MSU in a role with the National Food Safety and Toxicology Center, and specifically with the opportunity to develop and teach courses in the On-Line ProMS Food Safety Program. He has been instrumental through encouragement and support of Food Fraud and Food Counterfeiting as a unique scientific concept. Dr. Robb Clarke and Dr. Laura Bix both provided expert insight fi'om their areas of research, and both were instrumental and tireless in their encouragement and guidance of my development as an academic and as a scholarly researcher. Four other MSU Faculty Members were especially import to my ongoing research, and they are Dr. Julie Funk of Food Safety, Dr. Scott.Winterstein of the National Food Safety and Toxicology Center, Neal Fortin of the International Food Law Institute, and Dr. Ed McGarrell of the School of Criminal Justice. vi TABLE OF CONTENTS LIST OF TABLES ....................................................................................................... viii LIST OF FIGURES ......................................................................................................... x INTRODUCTION .............................................................................................................. 1 1.0 LITERATURE REVIEW ....................................................................................... 4 1.1 Counterfeit Definition Overview ........................................................................ 5 1.2 Counterfeit Definition Detail .............................................................................. 6 1.3 Scale of the Threat ............................................................................................ 12 1.4 Scope of the Threat ........................................................................................... 16 1.5 Counterfeit Drugs .............................................................................................. 17 1.6 Countermeasure Action and Deterrence ........................................................... 21 1.7 Summary ........................................................................................................... 28 2.0 RESEARCH ANALYSIS ..................................................................................... 29 2.1 Risk Factor Selection Analysis ......................................................................... 30 2.2 Risk Concept Research ..................................................................................... 35 2.3 Risk Model Research ........................................................................................ 60 3.0 MODEL DEVELOPMENT .................................................................................. 97 3.1 Model Overview ............................................................................................... 97 3.2 Research Introduction ....................................................................................... 99 3.3 Propositions ..................................................................................................... 100 3.4 Model Development Summary ....................................................................... 112 4.0 EXPERT SURVEY ............................................................................................ '113 4.1 Methods — Expert Survey ................................................................................ 113 4.2 Expert Survey Results and Discussion ...................................................... 119 5.0 CASE STUDY .................................................................................................... 132 6.0 CONCLUSION ................................................................................................... 138 6.1 For Further Research ....................................................................................... 140 APPENDICES ................................................................................................................ 142 APPENDIX A -— Results of Expert Survey ................................................................. 143 APPENDIX B — Raw Statistical Analysis .................................................................. 144 APPENDIX C -— Survey Responses — Raw Comments ............................................... 146 APPENDIX D — Case Study Roll-Up Detail .............................................................. 150 APPENDIX E — Case Study Example of Automated Function .................................. 159 REFERENCES ............................................................................................................... 162 vii LIST OF TABLES Table 1. Estimated Value of Counterfeit Goods Based on Success Rate of Seizures ...... 15 Table 2. List of Counterfeit Products from GBLAAC ..................................................... 16 Table 3. List of Counterfeit Products from WCO ............................................................. 16 Table 4. A General Probability versus Severity Matrix .................................................... 51 Table 5. Carver+Shock Software Tool: Shock Scale Descriptions .................................. 70 Table 6. Zurich Hazard Analysis Matrix of Severity versus Probability .......................... 74 Table 7. Suggested Mishap Probability Levels for Specific Events and Occurrences in Mil Std 882D ..................................................................................................................... 75 Table 8. Suggested Mishap Severity Categories in Mil Std 882D ................................... 76 Table 9. Example of mishap risk assessment values in Mil Std 882D ............................. 77 Table 10. Example mishap risk categories and mishap risk acceptance levels ................ 77 Table 11. Fire Danger Rating and Color Codes from the WP AS System ........................ 89 Table 12. Interpretation of Agreement for Expert Panel Survey Results ....................... 117 Table 13. Subject Classification — Title of the Expert Survey Subjects ......................... 120 Table 14. Subject Classification — Industry of the Expert Survey Subjects ................... 121 Table 15. Survey Classification — Company Revenue of the Expert Survey Subjects... 122 Table 16. Results of Survey Question 2 — Subject Expertise (Self-Assessment) for the Expert Survey Subjects ................................................................................................... 122 Table 17. Survey Results of the Expert Survey Subjects ................................................ 124 Table 18. Case Study Overall Counterfeit Risk for CFSI ............................................... 137 Table 19. Raw Statistical Analysis-Inputs and Overall Agreement ......................... 144 Table 20. Raw Statistical Analysis-Inputs and Overall Agreement .............................. 145 Table 21. Case Study Overall Counterfeit Product Risk, Summary ............................... 150 viii Table 22 Table 23 Table 24 Table 25 Table 26 Table 27 Table 28 Table 29 Table 30 Table 31 Table 32 Table 33 Table 34 Table 35 Table 36 Table 37 Table 38 Table 39 Table 40 Table 41 Table 42 Table 43 . Case Study Factor 1 Counterfeit-History, Summary ...................................... 151 . Case Study Factor 2 Counterfeit—Ability, Summary ....................................... 151 . Case Study Factor 3 Counterfeit-Attractiveness, Summary ........................... 152 . Case Study Factor 4 Counterfeit-Hurdles, Summary ..................................... 152 . Case Study Factor 5 Market Profile, Summary .............................................. 153 . Case Study Factor Derivation, Counterfeit-History, Sub-factor 1.1 ............... 153 . Case Study Factor Derivation, Counterfeit-History, Sub-factor 1.2 ............... 154 . Case Study Factor Derivation, Counterfeit-History, Sub-factor 1.3 ............... 154 . Case Study Factor Derivation, Counterfeit-Ability, Sub-factor 2.1 ............... 154 . Case Study Factor Derivation, Counterfeit-Ability, Sub-factor 2.2 ............... 155 . Case Study Factor Derivation, Counterfeit-Ability, Sub-factor 2.3 ............... 155 . Case Study Factor Derivation, Counterfeit-Attractiveness, Sub-factor 3.1 155 . Case Study Factor Derivation, Counterfeit-Attractiveness, Sub-factor 3.2.... 156 . Case Study Factor Derivation, Counterfeit-Attractiveness, Sub-factor 3.3 156 . Case Study Factor Derivation, Counterfeit-Hurdles, Sub-factor 4.1 .............. 156 . Case Study Factor Derivation, Counterfeit-Hurdles, Sub-factor 4.2 .............. 157 . Case Study Factor Derivation, Counterfeit-Hurdles, Sub-factor 4.3 .............. 157 . Case Study Factor Derivation, Market Profile, Sub-factor 5.1 ....................... 157 . Case Study Factor Derivation, Market Profile, Sub-factor 5.2 ....................... 158 . Case Study Factor Derivation, Market Profile, Sub-factor 5.3 ....................... 158 . Case Study Example of Automated Total Risk Determination ...................... 160 . Model Development — Example of Automated Summary of Total Rank ...... 161 LIST OF FIGURES Figure 1. Development of the Risk Model Using a Multiple Component Research Approach ............................................................................................................................. 3 Figure 2. The Risk Analysis Concept and its Components .............................................. 37 Figure 3. Counterfeit Product Risk Model Overview ....................................................... 98 Figure 4. Example of Probability versus Severity Matrix .............................................. 101 Figure 5. Example of Factors Defining Probability for the Overall Counterfeit Risk.... 108 Figure 6. Example of the Sub-F actor Derivation of the Market Profile Factor .............. 110 Figure 7. Example of Sub-Factor Derivation, with Data of the Market Profile Subfactor 5.3 .................................................................................................................................... 111 Figure 8. The Expert Panel Survey Questions Based on the Propositions ..................... 115 INTRODUCTION A range of organizations have addressed anti-counterfeit initiatives but there has not been an overall academic review of the strategy with an integrated Counterfeit Product Risk Model. This research focuses specifically on product counterfeiting and not on currency, document forgery, piracy, or artwork forgery. A deeper understanding of the strategic drivers behind counterfeiting will assist industry and agencies in making more effective and efiicient decisions to deter the threat. These include the selection of anti-counterfeit packaging components (e. g. holograms, RFID, color shifting inks, etc.) based on an understanding of the cost and benefit relationships (Lukasik, 2008). The product counterfeiting threat is increasing in risk and awareness (Fourtou, 2006; INTERPOL, 2007; Withington, 2005). Consumer and corporate awareness is rising due to publicized events, such as the FDA Similac Infant Formula product recall, the publicity from the book “Dangerous Doses,” the FDA Combating Counterfeit Drugs, report the 18 million dose recall of the popular cholesterol drug Lipitor, the melamine (counterfeit additive) in pet and human food, and the counterfeit branded toothpaste in US dollar stores just to name a few (Eban, 2005; FDA, 2007b; Kontnik, 2004; Xin & Stone, 2008). Consumers have a growing awareness that product counterfeiting has moved beyond luxury goods and that it occurs in developed countries such as the United States and many others (Hopkins, Kontnik et al., 2003; Phillips, 2005). It has been emphasized fi'equently that no product is too cheap to be counterfeited (FDA, 2006a; OECD, 2007b; WHO, 2000). The FDA Combating Counterfeit Drugs report specifically identifies the need for a study in this area and for further development of a process to review and categorize the risk. “FDA also plans to support the development of criteria that contribute to counterfeiting risk. .. to assist stakeholders in focusing their use of anti-counterfeiting technologies as effectively as possible” (FDA, 2004). In addition, FDA concerns regarding the vulnerability of imported foods have brought a deeper focus to both the counterfeit food threat and the broader economic food fraud concept. Even with all of this risk awareness of the risk, there is little detailed public information on counterfeiting specifics or risk models. There are many reasons for this, including the fact that the information is fi'equently classified or confidential. Many other risk research areas do not have a criminal element that warrants this level of sensitivity of sharing information (e. g. packaging safety, food safety, financial markets, actuarial tables, microbiological contamination, environmental exposure, equipment safety, etc.). The overall goal of this research is to show that an anti-counterfeit strategy is most efficiently and most completely reviewed from an academic perspective that is based in the packaging discipline since most industry solutions are coordinated in the packaging function by packaging managers. This goal is achieved through several key objectives: review anti-counterfeit strategy, review risk analysis theory, review applicable risk models, develop a Counterfeit Product Risk Model, review the findings with an Expert Panel Survey, and test the model using an industry case study (Figure 1). ummmm Search Risk Concept Research Development Risk Model Research Factor Research Case Study Survey Figure 1. Development of the Risk Model Using a Multiple Component Research Approach The objective of the research is to take a holistic, all-encompassing approach to analyzing anti-counterfeit strategy, and specifically to develop, and theoretically support, a Counterfeit Product Risk Model 1.0 LITERATURE REVIEW This section will introduce the counterfeit threat, scale, and scope, including an overview of regulations and countermeasures. This section intentionally presents a very wide overview of the counterfeit threat and countermeasures, to present a broad view of the topic, and to better assist in developing the prediction of a risk model. Particular attention will be paid to the aspects of the counterfeit threat that apply to establishing the root factors in the Counterfeit Product Risk Model: Counterfeit-History, Counterfeit- Attractiveness, Counterfeit-Ability, Counterfeit-Hurdles, and Market Profile. Prior to any strategic review of product counterfeiting, it is important to establish some key concepts (N aim, 2005): Illicit trade is driven by high profits, not low morals Illicit trade is a political phenomenon - illicit traders cannot prosper without help from governments or accomplices in key public offices. 0 Illicit trade is more about transactions than products - we are so accustomed to parsing the illicit trades into separate product lines o Illicit trade cannot exist without licit trade - all illicit businesses are deeply intertwined with licit ones. Indeed, traffickers have strong incentives to combine their illicit operations with legitimate business ventures. Illicit trade involves everyone - someone is buying... Governments can’t do it alone The US. Food and Drug Administration (FDA) and the World Health Organization (WHO) both recognize counterfeit prescription drugs as a public health threat, with the WHO going so far as to call it a global public health crisis (FDA, 2004; WHO, 2007a). In a presentation at the World Health Organization’s IMPACT (International Medical Products Anti-Counterfeiting Taskforce) Conference, the Council of Europe Director General called counterfeiting a “silent pandemic” (Vladychenko, 2006). The US Federal Bureau of Investigation (FBI) has called counterfeiting “. . .the crime of the 21St century” (Fourtou, 2006). Interpol has stated “Counterfeiting is increasing relentlessly year on year” (W ithington, 2005), an “. . .the losses due to transnational organized criminals to be “hundreds of billions of dollars annually” (INTERPOL, 2007). For brand owners versus the counterfeiters, “[often] the best they can hope for is that the counterfeiters find them enough of a nuisance that they knock off another product inst ” (Phillips, 2005). 1.1 Counterfeit Definition Overview One challenge of reviewing the counterfeit risk and threat is a lack of agreement on the most basic definitions. Different countries, organizations and industries apply a range of definitions (Collins, 2004; Council of Europe, 2006; WHO, 2007b; World Intellectual Property Organization, 2008). Reviewing the unique aspects of each of these definitions is important in developing the Counterfeit Product Risk Model, to understand how various factors influence the overall prediction of risk. With such a wide range of definitions used for counterfeiting, it is worth beginning with a review of the basic dictionary definitions of the key terms (Merriam- Webster, 2004): 0 Counterfeit — “to copy, with the intent to deceive” and “made in imitation of the genuine so as to deceive” Diversion -- "a turning aside from a course, activity, or use Simulation -- "1: the act or process of simulating 2: an object that is not genuine 3: imitation by one system or process of the way in which another system or process works" -- simulate ": to give or create the effect or appearance of' o Tamper -- "1 : to carry on underhand negotiations (as by bribery) <~with a witness> 2 : to interfere so as to weaken or change for the worse <~ with a document> 3 : to try foolish or dangerous experiments" 1.2 Counterfeit Definition Detail Counterfeiting encompasses several key concepts. Many of the industries and agencies involved with counterfeit products have published their own definitions. A review of those definitions will be included in the following sub-sections. The definition of the word counterfeit is evolving to cover both a macro, or umbrella term for the entire concept, and a micro, or specific term for the copying of the entire product and package, as is seen in the titles of several major reports by PIRA International (Pira), the US Food and Drug Administration (FDA), and the Organization for Economic Co-Operation and Development (OECD) (FDA, 2004; O'Kane & Gopalkrishnan, 2005; OECD, 2007c). 1.2.1 Counterfeit Counterfeiting is the copying of a product and/or package to deceive others into believing that the product and/or package are/is genuine—also called a knock off or fake. The FDA and WHO both includes deception about the source of a product in its definition of counterfeiting (O'Kane & Gopalkrishnan, 2005; US Department of State, 2006; WHO, 2007a). A more detailed review of the FDA and WHO definitions reveals important details and similarities in their definitions. The FDA definition of counterfeit drugs states: US. law defines counterfeit drugs as those sold under a product name without proper authorization. Counterfeiting can apply to both brand name and generic products, where the identity of the source is deliberately and fi'audulently mislabeled in a way that suggests that it is the authentic approved product. Counterfeit products may include products without the active ingredient, with an insufficient quantity of the active ingredient, with the wrong active ingredient, or with fake packaging (FDA, 2007a). The FDA clearly states “. . .sold. .. without proper authorization” in the definition of counterfeiting, which would thus include unauthorized product diversion and parallel trade as “counterfeit.” The World Health Organization (WHO) definition of counterfeit medicines states: A counterfeit medicine is one which is deliberately and fraudulently mislabeled with respect to identity and/or source. Counterfeiting can apply to both branded and generic products and counterfeit products may include products with the correct ingredients or with the wrong ingredients, without active ingredients, with insufficient active ingredients or with fake packaging (WHO, 2007b). The definitions used by the WHO and FDA are virtually identical, to the extent that many of the same-and in some cases exact—words and phrases are used. A technical difference is that the FDA uses “without proper authorization,” whereas the WHO identifies a fiaudulent “source,” so WHO does not include diversion or parallel as “counterfeit.” Counterfeit products can be split into deceptive and non-deceptive product groups (Green & Smith, 2002; Hopkins, Kontnik et al., 2003; Xuemei & Cleopatra, 2007). Deceptive counterfeits are products that are placed into supply chains with the intent to deceive the consumer into believing that the product is genuine in every way. Non- deceptive counterfeits are products that do not try to deceive the consumer into believing the products are genuine by their positioning in the market whether through the type of retail outlet in which they are sold (flea market, etc.), the price (exponentially low), or the quality (poor). 1.2.2 Diversion Diversion is the distribution of a genuine product outside of its intended market; it is also sometimes referred to as: parallel trading, gray market, smuggling, or product arbitrage (Liang, 2006; O'Kane & Gopalkrishnan, 2005; Paradise, 1999; Phillips, 2005). “Grey market, or parallel trade, may or may not be legal, depending on the country’s intellectual property laws” (Bix, Clarke et al., 2007). To try to increase competition and lower prices, countries such as Germany have explicit laws mandating importation of drugs originally intended for consumption in other countries (Groupement International de la Repartition Pharmaceutique, 2006). Diversion and parallel trade have many enablers and another is transshipment (also referred to as “trans-shipment” or “transhipment”), where the country or source of origin can be disguised in the confusion of moving product through relatively (or completely) unregulated and unmonitored facilities (European Commission, 2006; O'Kane & Gopalkrishnan, 2005; OECD, 2007a; Union des Fabricants (on INTERPOL.int), 2004; United Nations International Narcotics Control Board, 2006; World Customs Organization, 2007c). In this case, a product fi'om a suspected counterfeiting country may be sent to an intermediary country, repackaged and then reshipped from that country to disguise the genuine origin (Bogdanich, 2007b; World Customs Organization, 2005). This concept is also referred to as “neutralization,” whereby a suspicious country of origin is hidden and replaced on the shipping paperwork with a less suspect, or more neutral, country of origin (Bogdanich, 2007a; Rudolf & Bernstein, 2004). The gray market, which is comprised of authorized and secondary distributors (who may be authorized for some products), has had a long history of adding competition and efficiency to the pharmaceutical and healthcare supply chains, even though the diverted or gray market products increase the opportunities to co-mingle fi'audulent and legitimate products. (Council of Europe, 2006). Product arbitrage—which essentially seeks to obtain lower prices for a market—is a common, even respected, procurement best practice for many commodities such as oil and cotton. Those engaging in the practice are sometimes called “Arbs” (deKieffer, 2006b) 1.2.3 Simulations Look-a-Like products are also knows as mimics, knock-offs, or simulations, and they attempt to confuse the consumer with similar brand names or packaging (FDA, 2003; Liang, 2006; Naim, 2005; O'Kane & G0palkrishnan, 2005). A Look-a-like product does not duplicate the brand name. According to Webster’s Dictionary (yr), A “knockoff” (noun) is an imitation of a product that does not attempt to duplicate the brand name; to “knock ofi” (verb) a product is to make a copy[0] which may, or may not, be an exact replica of the brand and design (Merriam-Webster, 2004). The design patent law can be extremely complex to decipher, and the courts are fi'equently engaged to define what is legal. In the packaged goods industry, design patents are more commonly referred to as “trade dress” (Zaichkowsky, 2006). Trade dress is the “totality of elements” which combines to create a type of trademark or identity (US Department of State, 2006),, 1.2.4 Unauthorized Production Unauthorized production is when a legitimate contract manufacturer produces a product that was not authorized, and does so without the knowledge of the brand owner. This could be due to over production in an authorized facility or contracted production shifted to an unauthorized facility or supplier. This is also called an over-run, ghost shift, fourth shift (manufacturing usually runs 3, eight-hour shifts), ghost plant, or ghost supplier. (Booth, 1999; Council of Europe, 2006; Hopkins, Kontnik et al., 2003; "Imitating property... ," 2003; Paradise, 1999; Parloff, 2006; Waite, 2004). The illegal remanufacturing and sale of some wom-out parts can also be fall into this category (Branch, 2008). Unauthorized overruns at an authorized facility is especially difficult to prosecute, since all of the materials, design, and even the production equipment can be “genuine.” The plaintiff must prove that this product violated the license (Booth, 1999; Coalition Against Counterfeit and Piracy, 2006). 1.2.5 Tampering “Product tampering can take one of three forms: grazing is the sampling of products before purchase; pilfcring is theft during distribution or at a retail outlet; malicious tampering is the intention to do damage or extort money” (O'Kane & Gopalkrishnan, 2005). In terms of counterfeiting, tampering is considered small-scale; it includes actions such as refilling used packages and returning to retailers for full credit, or changing expired date codes (Collins, 2004; DiLonardo & Clarke, 1996; FDA, 2004; Jotcham, 2005). 10 1.2.6 Theft When considering counterfeit products, theft is an important concept to consider, since the product was procured illegally and is often sold to unsuspecting consumers. The product could have been mishandled or abused and thus become dangerous. Stolen products can be co-mingled with genuine product, illegally refilled, shoplifted, pilfered, hawked, boosted, and or taken through organized retail theft (ORT) (Chaudhry, 2006; Grocery Manufacturer's Association, 2007; Kroft, 2004; National Retail Federation, 2006; Sodipo, 1997). This can include large scale theft, as in the case of cargo theft, or the theft of entire tractor-trailers or seagoing shipping containers (Brekke, 2008). The FDA would define this as a counterfeit product since the source would have been (fisgunwd. 1.2.7 Piracy Piracy is frequently mentioned in association with counterfeiting, but they are distinctly different concepts (Balfour, 2005; European Commission, 2007 ; INTERPOL, 2007; Paradise, 1999; US Department of Commerce, 2007 ; US Department of State, 2006; World Trade Organization, 1994). Piracy refers to the “unauthorized reproduction for commercial gain of literary, musical, artistic, and other copyright works, but may also be used in some cases in the context of trademarked or patented works” (W allerstein, Mogee et al., 1993). The EC 1383 guidance document clearly differentiates “pirated goods” and counterfeits by defining piracy as violation of copyright (European Union, 2003). 11 1.3 Scale of the Threat There are many reasons for the increase in scope and scale of the counterfeit threat: globalization, the growth of brands, the growth of imaging and printing technology, and organized crime shifting its focus and resources inthis direction (Acheson, 2007a; Arrufiada & Vazquez, 2006; Closs & McGarrell, 2004; Hopkins, Kontnik et al., 2003; Kelly, 2005; Naim, 2005; van Schendel & Abraham, 2005; Yar, 2005). The underlying driver of the counterfeit boom is the massive profit that can be made by unscrupulous manufacturers, in addition to relatively low enforcement and penalties for counterfeiting. The Counterfeit Intelligence Bureau (CIB), of the International Chamber of Commerce (ICC), estimates the worldwide trade in fakes to be 5-7% of the world’s trade (Counterfeiting Intelligence Bureau, 1997, 2007). That estimate, which equates to US$500-$600 billion annually, has been referenced by a wide range of other agencies and organizations (European Commission, 2007; United States Department of Justice, 2006; World Customs Organization, 2006). What is especially surprising is that only a fi'action of total sales (estimated at 4-10% of all counterfeited goods), in an measurement are believed to be in what would be considered “luxury goods” (Alcock, Chen et al., 2003; Phillips, 2005). “In 2006, luxury goods accounted for only one percent of all the items intercepted by the 27 Customs administrations of the European Union (EU)” (World Customs Organization, 2007a). The grth in counterfeiting is astounding, for example, the Center for Medicine in the Public Interest (CMPI) has estimated that the worldwide counterfeit pharmaceutical threat will grow from US$46 billion in 2005 to US$75 billion by 2010 12 (Schwarz & Wong, 2006). The counterfeit product market has an even faster growth rate; it is now the size of the worldwide trade in illegal drugs (heroin, cocaine, marijuana, etc.), which is estimated at ~US$500 billion (Budima, 2006; Union des Fabricants (on INTERPOL.int), 2004; United Nations Development Programme, 1999). Criminal organizations that expanded from illegal drugs to counterfeiting have, by definition, essentially doubled their potential market. Counterfeiting overlaps with other illicit trades, organized crime, and terrorist networks. A natural connection, given the similarities in product and format, is between the fake medicine and illegal drug trade, which have come to follow many of the same routes (Naim, 2005). The estimates for the impact of counterfeiting on the global marketplace are elusive and the CIB states, “Given the clandestine nature of the business, such estimates are no more than educated guesses” (Counterfeiting Intelligence Bureau, 1997). There are a number of reasons for this: the clandestine nature of the counterfeiters, the reduction in consumer detection of fakes due to increased quality, the low incentive for product companies to divulge counterfeiting, and the fact that the core data collection comes only from seized goods (Bialik, 2007a; Ivanova, 2007; World Customs Organization, 2007b). Unfortunately, determining the level of counterfeiting is made more complex because the dollar amounts are sometimes defined using the value of the genuine product (if sold at genuine retail price) and sometimes by the value of the sale of fake products (sold as fake product) (OECD, 2007c). PIRA’s Collins (2004) also states that: "Statistics in this area are difficult to validate both because of the clandestine nature of the threats and some brand owners' reluctance to talk, and the array of different authorities collecting statistics for varying purposes." The estimates are given as a range, since the data is based on a combination of estimating what percentage of product gets caught, and educated guesses 13 (heuristic perceptions) about what has passed through (Ivanova, 2007; Los Angeles County Development Corporation, 2007). Regarding the customs seizure results, "We wouldn't consider the seizure rate to be a random sample of the extent of counterfeit goods coming in," says Loren Yagar, of the Government Accountability Office study (as quoted in (Bialik, 2007b». To further compound the complexity of estimating a scale of counterfeiting, a large amount of the work in the counterfeit area is either classified by governments or considered confidential by companies. The economic impact can also be measured in lost sales for companies and lost tax revenue for governments (OECD, 2007b). The tax revenue loss can be in the billions, even for US cities. Los Angeles estimates their annual losses to be $483 million (Los Angeles County Development Corporation, 2007) and New York City estimates their annual losses to be $1 billion (New York City Comptroller's Office, 2004). Table 1 demonstrates how some counterfeit estimates are derived. For example, the US Customs and Border Protection Bureau of the Department of Homeland Security (US Orstoms) present actual data on the amount of product seized during a year — 2004 in this example. If US Customs stated that $138 million was seized, then to figure the total estimated value of counterfeited goods, the analyst must estimate the percent of product that was confiscated. This table then estimates the “implied value of counterfeit goods” based on an “assumed interdiction rate (%).” So if $138 million represents 1% of all counterfeit goods, then the “implied value of counterfeit goods is $13.8 billion, as the table demonstrates (Los Angeles County Development Corporation, 2007). Of course, the actual counterfeit value and the actual interdiction rate are unknown and unknowable. 14 Table 1. Estimated Value of Counterfeit Goods Based on Success Rate of Seizures Estimated Value of Counterfeit Goods Based on Success Rate of US. Customs and Border Protection Seizures, 2004 (Percentage Rate and Billions of Dollars) US. Customs Assumed Interdiction Rate (%) 10.0% 5.0% 1.0% 0.2% 0.1% Implied Value of Counterfeit Goods Entering the US. $1 .43 $2.83 $13.8B $69.18 51383 (Note: the report quotes $138. million in counterfeit goods seized by US Customs in 2004) The US Customs and Border Protection Bureau reported that twenty-six million commercial shipping containers were imported in 2008 (US Customs and Border Patrol Bureau, 2008). The US. FDA estimates that they inspect less than 1% of all imported food products, and that around 0.3% is actually lab tested (FDA, 2002; Paradise, 1999). The Rotterdam shipping port, one of the busiest in the world, estimates they “inspect” approximately 3% of the products that pass through their system (Phillips, 2005). “Inspect” could mean anything from simply reviewing documentation to opening and physical inspection of the shipping containers (European Union, 2003). The World Customs Organization (W CO) has discussed the difficulty of determining fakes even when the product is inspected (World Customs Organization, 2007a). While quantitative determination of the counterfeit threat is impossible to determine, the existing data points and anecdotal evidence emphasize that this is a serious threat (Bialik, 2007a; United States Government Accountability Office, 2008a). It is important to accept that the financial opportunity for the counterfeiters is astronomical, which leads to great incentive and motivation to grow the scope and scale of the crime. 15 1.4 Scope of the Threat The scope of the counterfeit product threat is widespread. Product counterfeiting could be an economic threat, a public health threat, or both. It is important to note that for the criminals doing the counterfeiting, the public health threat may be quite real but occurs through negligence and not intent (PriceWaterhouseCooper, 2007; United States General Accounting Office, 1995). A general list of some counterfeited products is noted from the Global Business Leaders Alliance Against Counterfeiting Global Business Leaders (GBLAAC) in Table 2 (Global Business Leaders Alliance Against Counterfeiting, 2003): Table 2. List of Counterfeit Products from GBLAAC Adhesive strips Agrochernicals Baby food Batteries Canned meat and fish Cigarettes Clothing and footwear Coffee Cosmetics and skin creams Credit cards Diving masks Dry food gpods Golf clubs Household appliances Household detergents and cleaning products Inkjet and toner cartridges Motor oils Parts for automobiles, trucks and other machinery Perfume Pharmaceuticals Photographic film Razor Blades Rubbish bags Shampoo Soft drinks Software, audio and video Sportswear Super glue Tea Toothpaste and toothbrushes Toys Wines and spirits Zippers There are even reports of foodstuffs such as waffles, apples, candy and chewing gum in Table 3 (European Commission, 2005). A WCO report lists some other counterfeited products (World Customs Organization, 2007a). Table 3. List of Counterfeit Products from WCO Soup Mineral water Breast implants Contact lenses Pharmaceutical products for treating life- Pacemakers threatening conditions such as breast cancer and high blood pressure, Weapons of war Automobile brake disc pads, and even a WCO training course on CD 16 A random listing of the public health threats from the World Health Organization (WHO) shows the following (WHO, 2007a): e 89 children died in Haiti in 1995 and 30 infants died in India in 1998 due to the consumption of paracetamol cough syrup prepared with diethylene glycol (a toxic chemical used in antifreeze). o In 2001, in South-East Asia, a Wellcome Trust study revealed that 38% of 104 anti-malarial drugs on sale in pharmacies did not contain any active ingredients. 0 In Cambodia, in 1999, at least 30 people died after taking counterfeit anti-malarials prepared with sulphadoxine—pyrimethamine (an older, less effective anti-malarial) which were sold as artesunate. All countries, even the biggest source economies, are adversely impacted by product counterfeiting. It is estimated that 250,000 Chinese die each year from counterfeit or “substandar ” medicines though this does not account for all counterfeit products, so the actual numbers may be even more staggering (Morris & Stevens, 2006; Schwarz & Wong, 2006). 1.5 Counterfeit Drugs Counterfeit drugs will be covered in more detail than other product segments because there are more regulations and public reports available on this industry segment. The terms pharmaceutical, prescription drug, drug, and medicines are often used interchangeably in the literature, and thus, in this section (Council of Europe, 2006). Healthcare products (such as bandages and surgical gloves) and medical devices (such as pacemakers and intravenous bags) are usually clearly separated from pharmaceuticals. 1.5.1 The Counterfeit Drug Scale As noted in a New England Journal of Medicine article, the FDA Director of the Counterfeit Drug Task Force estimated that “less than 1%” of US. prescription drugs were counterfeit (Rudolf & Bernstein, 2004), but with $216 billion spent on 3.4 billion 17 prescriptions, this would still equate to $2.6 billion worth of counterfeits and 34 million counterfeit prescriptions. The FDA estimates do not include legitimate or counterfeit prescription drugs that are sold on the “street” by a traditional “drug dealer.” The CMPI has estimated that the worldwide counterfeit pharmaceutical threat will grow fi'om $46 billion in 2005 to $75 billion by 2010 (Schwarz & Wong, 2006). This estimate is fi'equently referenced by many organizations such as the EU, WHO, FBI, and FDA (Collins, 2004). PIRA has developed estimates that the market share of counterfeits are (Collins, 2004): 5% in North America, 5.8% in Europe, 10.5% for the rest of the world, and an overall global rate of 6% A World Health Organization survey of counterfeit prescription drugs estimates that 1-10% are counterfeits in developing countries, that 40% of counterfeit incidents are in developed countries; that developed countries with effective regulatory systems had fewer incidents; and that over 50% of all internet purchases were counterfeit (WHO, 2007a). The FDA Combating Counterfeit Drugs report is a summary of industry perspectives and surveys, and it is not meant as guidance nor is it an official position document. The FDA report does list attributes that can contribute to products likely to be counterfeited (FDA, 2004). The factors listed here, and the additional detail provided later, are a mixture of probability and severity factors that make up the overall risk (which is a combination of risk and severity) (FDA, 2004). 18 Drugs history of counterfeiting; Drugs price; Drugs volume; Drugs dosage form; Drugs clinical uses; and Whether similar products had a history of being counterfeited. As was stated earlier, the discussion and data relating to counterfeiting is often confusing since different organizations or agencies use different base definitions. 1.5.2 The Counterfeit Drug Scope The World Health Organization (WHO) investigated seized counterfeit prescription drugs and published their insights. They focused their analysis on the physical product (WHO, 2007b). “In terms of types of counterfeits and their magnitude, the products reported can be grouped into six categories: Products without active ingredients, 32.1%; Products with incorrect quantities of active ingredients, 20.2%; Products with wrong ingredients, 21.4%; Products with correct quantities of active ingredients but with fake packaging, 15.6%; Copies of an original product, 1%; and 0 Products with high levels of impurities and contaminants, 8.5%. In terms of a public health threat, several authors corroborate the results of the WHO survey which revealed that most counterfeiting does not pose an active threat, such as anthrax or poison or a bomb (Council of Europe, 2006; OECD, 2007d; WHO, 2007b). The WHO survey reported that 91.5% of counterfeit drugs were a placebo at worst though a placebo cholesterol control medicine, vaccine, or birth control pill can create a public health dilemma or threat (WHO, 2007b). Of the 8.5% of products that contained some threat, many included contaminants derived from poor manufacturing practices, such as bacteria. With the Heparin counterfeiting in 2007, the public health threat was 19 from an allergic reaction to a contaminant that cost one-twentieth of the price of the genuine ingredient (Bogdanich, 2008). The COE report identified these as either active or passive threats (Council of Europe, 2006). Another threat associated with counterfeit prescription drugs mentioned by the World Health Organization was in the undermining of consumer confidence in a novel treatment or in the drug itself (“pharmacovigilance”) (WHO, 2006) such as happened with anti-malarial drugs, which have a recorded 10-70% counterfeit rate (WHO, 2007a). The WHO noted a 1995 incident in Niger, in which 50,000 people were inoculated with a counterfeit vaccine that was donated by another country. The counterfeit vaccines resulted in 2,500 deaths (WHO, 2007a). This is a specific example where patients lost confidence in the healthcare system and the very drugs that could be helping them. In other instances, the consumption of wrong or ineffective drugs could contribute to antibiotic resistance of bacterial pathogens, leading to diseases that are harder to treat (Liang, 2006). These are a few examples of counterfeiting from the FDA report on counterfeit prescription drugs (FDA, 2003): o Procrit, a drug used by cancer and AIDS patients, was recently counterfeited and the drug was replaced with non-sterile tap water, which could have caused a severe infection of the bloodstream. o In another recent counterfeiting incident, white tablets with “aspirin” imprinted on them replaced Zyprexa, a drug used for schizophrenia and acute bipolar disorder. - Counterfeiters also have been known to switch a lower-strength drug for [a] higher strength drug. As a result, patients receive lower than expected doses of [the] drug, leading to ineffective treatment and therapeutic failure. 20 1.6 Countermeasure Action and Deterrence Agencies and organizations, such as the FDA and the WHO, have begun programs to review and deter drug counterfeiting. These include focused programs such as the FDA Counterfeit Drug Task Force. Also, the WHO has implemented the International Medical Products Anti-Counterfeiting Task force (IMPACT). 1.6.1 Countermeasure Regulation and Enforcement Despite the often low level of enforcement or prosecution, it is important to emphasize the regulation and enforcement of intellectual property rights (United States Government Accountability Office, 2008a). Without regulation (deterrent laws), regardless of the actual level of enforcement, counterfeiting would not be illegal. 1.6.2 Intellectual Property Rights Counterfeiting is illegal in most countries since the practice violates intellectual property right laws of trademark, or design infringement, or both. Intellectual property rights (IPR) are protected under the “Agreement on Trade Related Aspects of Intellectual Property Rights, Including Trade in Counterfeit Goods,” also known as “TRIPS” (World Trade Organization, 1994). In the United States, the United States Code (U SC) is “the law” and the Code of Federal Regulations (CFR) is “how to implement the law,” including enforcement, reporting, and punishment (United States Patent and Trademark Office, 2008). Prosecution against infiingers can be initiated by the government or by citizens, and the action can either be under criminal law (offense against the state) or civil law (offense between two citizens) (US Department of State, 2006). The “Enforcement of Intellectual 21 Property Rights Act of 2008” (PRO-1P Act) allows the US Department of Justice to bring civil cases against infiingers, which is significant since the burden of proof is lower in civil cases than in criminal cases (Leahy, 2008). There are several milestones in the evolution of counterfeiting laws (Marvel, 2008): o Trademark Counterfeiting Act of 1984 o Anticounterfeiting Protection Act of 1996 0 Stop Counterfeiting in Manufactured Goods Act of 2006 The US Department of Commerce has an interdepartmental initiative on intellectual property rights at StopFakes. gov, which identifies the most significant intellectual property rights’ provisions (US Department of Commerce, 2007). The counterfeit trademark crime is set out at 18 U.S.C. 2320 ; Criminal infiingement of copyrighted works is set out at 17 U.S.C. 506(a) and 18 U.S.C. 2319; The counterfeit labeling provision is set out at 18 U.S.C. 2318; Theft of trade secrets [is] prohibited by 18 U.S.C. 1831 and 1832 In addition, the Digital Millennium Copyright Act (DCMA), at 17 USC 1201- 1204, is applied for copyright of recordings or software (US Department of State, 2006). There are some civil (rather than criminal) laws, such as 15 USC 1117 and 15 USC 1536, which focus on specific remedies for the plaintiffs and define the authority of the US Customs (Marvel, 2008). In general, the laws continue to be adapted to be more efficient in closing gaps to more appropriately address the overall counterfeit threat. For example, 21 USC 331 (i2- i3) makes it illegal to possess the tools and mechanisms to make the counterfeit drugs. That being said, 18 USC 2320 is used more often since it “has a bigger stick” of increased penalties (Marvel, 2008). 22 The Intellectual Property Rights (IPR) laws cover trademark, patent, copyright, and trade secrets. The basic laws that govern the counterfeiting are for trademarks and patents, and are usually present in the same violation. Specifically a trademark covers a word/design/symbol (a brand logo), whereas a patent covers a utility/design/plant (a design of a machine). Most countries have similar laws, and there are many international treaties on the subject. The Anti-Counterfeiting Consumer Protection Act has applied the RICO Act (The Racketeer Influenced and Corrupt Organizations Act) to counterfeit crimes (18 USC Sec. 1963, 2006). The RICO act was successful in the 1980’s when it was applied to illegal narcotics trafficking (e. g. cocaine) in the US. The Act’s strongest feature is the seizure of “real property, including things growing on, affixed to, and found in land; and tangible and intangible personal property, including rights, privileges, interests, claims and securities” (18 USC Sec. 1963, 2006). A key to the RICO Act in the US is that, when applied, it has very sharp teeth. If you catch them and don’t prosecute, it breaks down. If you prosecute but don’t sentence, it breaks down. If you sentence but don’t take their money, you’ll have a problem. So what is very important is that you need to engage the full spectrum of criminal justice (Phillips, 2005). Nevertheless, actual prosecution of formal counterfeiting activities is difficult since two “states of mind” need to be established: intentional trafficking in counterfeits and knowing use of a counterfeited mark (Marvel, 2008). Regarding the role of diversion in counterfeiting, the international intellectual property rights law firm, “Torys,” states that every counterfeiter they brought to court claimed to be a secondary or gray marketer selling genuine products outside of authorized channels, and not a counterfeiter (Coalition Against Counterfeit and Piracy, 2006). If the plaintiff can convince the court 23 that the intent was diversion, this eliminates the application of the counterfeit laws (Marvel, 2008). There is a continued agency and industry effort to coordinate actions to effectively deter counterfeiters (Lukasik, 2008). 1.6.2.1 Civil Liability for the Brand Owner Foreseeable hazard, also known as willful negligence or willfirl blindness, is being applied to counterfeit products (Coalition Against Counterfeit and Piracy, 2006; Greenberg, 2003; Supreme Court of the State of Florida, 2003; University of Florida, 2004; Yankus, 2006). “Willful blindness” only applies when it can be proven that a person “must suspect wrongdoing and deliberately fail to investigate” (Marvel, 2008). A new type of “foreseeable hazard” for companies is included in the reporting requirements of the Sarbanes-Oxley Act of 2002, which require the reporting of business risks, which can extend to counterfeiting and diversion (Coalition Against Counterfeit and Piracy, 2006; Millar & Yeager, 2007; O'Kane & Gopalkrishnan, 2005). 1.6.2.2 Control of the Distribution of Products and Brands Another legal aspect that applies to counterfeiting is the specific definition of when, and to what extent, ownership and control of a product passes fiom the seller to the purchaser. This is important to this research in terms of the risks inherent in diverted product. The control of a diverted product is based on a country’s position on the Exhaustion Law—also called the First Sale Doctrine covered under law (18 USC 109) (US Department of State, 2006)—since the intellectual property rights owner exhausts the control of distribution of a product upon the first sale of the product (Y eung & Mok, 2006). There are two perspectives on this law: after the brand has been put into trade 24 with the consent of the trademark owner, either they have control of the distribution of their brand or they do not, they exhaust their control once the product is sold (Prahl, 2007) To supplement the First Sale Doctrine, the United States uses a unique interpretation of the Tariff Act (19 USC 1526) to block the import of a trademarked product without the trademark owner’s approval (Tritter, 1989). This application helps narrow a supply chain gap, and provides insight into the value of other counterfeit countermeasures. Many other global threats are being addressed with processes or systems that will also assist in fighting counterfeiting, such as actions that increase the traceability of international shipping containers, electronic pedigrees (history of ownership) for prescription drugs, and the traceability regulations and processes for food. 1.6.2.3 Pedigree The FDA has been pursuing a drug pedigree to authenticate products but a lack of pedigree does not automatically indicate that a product is counterfeit (FDA, 2006b). “A drug pedigree is a statement of origin that identifies each prior sale, purchase, or trade of a drug, including the dates of those transactions and the names and addresses of all parties to them” (FDA, 2006b). The drug pedigree regulations were first introduced in 1999, but have faced continual delays or injunctions as recently as 2008. In the US, medical devices are implementing a method called “Unique Device Identifiers” (CDRH/FDA, 2009). 25 1.6.3 Packaging Countermeasures The Intellectual Property Rights holders (e. g. brand owners) face a tremendous financial liability if their products are counterfeited, in loss of sales, cost of recalls, loss of brand equity, and civil litigation. Brand owners have been successfully sued for not protecting the marketplace from counterfeit products, even though they did not manufacture the counterfeit product themselves (Coalition Against Counterfeit and Piracy, 2006; Greenberg, 2003). Anti-counterfeit package technologies take several forms and the technologies fall into three general groups: packaging components, authentication, and traceability (FDA, 2004). The FDA Combating Counterfeit Drugs report categorizes packaging components as authentication (the ability to prove genuine) technologies (FDA, 2003).) One product or feature could fall into several categories. The packaging technologies can also be deterrents by implementing “counterfeit-evident” and “counterfeit-resistant” actions (Andel, 2006). By the same token, one anti-counterfeit feature could fall into several categories based on its role in deterrence. Of the anti-counterfeit packaging component technologies, there are three main concepts: overt, covert, and forensic (which is also sometimes called reserved) (Collins, 2004; O'Kane & Gopalkrishnan, 2005). The FDA definitions are provided below (FDA, 2003): o Overt technologies are protective measures that are easily visible to the eye, such as holograms, color shifting inks, and some watermarks. 0 Covert technologies are protective measures that are not visible to the eye and frequently require special equipment for visualization (and authentication). These include some watermarks, certain inks and dyes that fluoresce or absorb ultraviolet light, and invisible bar codes. 26 o Forensic technologies are protective measures that require sophisticated analytical equipment, usually found in a forensic chemistry lab, in order to be identified. These include chemical markers, taggants, and other unique chemical properties of a substance. Overt technologies could be as simple as a complex package shape, a unique design feature, or a unique component such as a child-resistant or tamper-evident feature. Traceability, also referred to as “track and trace,” technologies include radio- fi'equency identification (RFID) and barcodes, and are implemented to identify and follow a product through the supply chain (Bix, Clarke et al., 2007; Dietrich, Puskar et al., 2006; FDA, 2003; Greenberg, 2003). Authentication includes features, processes and procedures that serve two purposes: they make it harder to counterfeit a product and they provide a way to determine if a product is authentic (FDA, 2004). Examples of authentication technologies include: “color shifting inks, holograms, fingerprints, taggants, or chemical markers embedded in a drug or its label” (FDA, 2004). Other features could include RFID tags, 2-D bar codes, electronic pedigree, and even just more closely monitoring the supply chain. A discussion of deterrent actions is not complete without considering the response by the counterfeiters (Lukasik, 2008). “And counterfeiters are skilled at duplicating holograms, ‘smart’ chips and other security devices intended to distinguish fakes from the genuine article” (Balfour, 2005). Global marketing directors have stated that their sophisticated, multi-year researched technologies have been knocked off very quickly (Balfour, 2005; Collins, 2004). Even RFID is mentioned as “promising but not risk proof” by both the Center for Medicine in the Public Interest and the FDA (FDA, 2003; Schwarz & Wong, 2006). 27 A layered approach, combining several varied components and systems, is usually implemented for the greatest impact. 1.7 Summary Product Counterfeiting is clearly not a victimless crime. Counterfeit products are a clearly recognized and significant economic and public health threat. The counterfeit product threat is growing in scope and scale. An interdisciplinary, multi-layered approach is necessary to curb the growth in counterfeits and the risk to the public. The lack of specific public research and refereed publications underscores the value of initiating counterfeit-specific academic research. The quantitative data on the overall threat is very sparse and has been described as unknowable. Counterfeit product estimates are a combination of actual seizures and educated guesses. Strategic research and advanced models are called for but are not yet published, at least not in the non-classified and non-confidential, open source literature. It is evident that a strategic approach is necessary to effectively and efficiently deter counterfeiting. 28 2.0 RESEARCH ANALYSIS This chapter analyzes three main areas that apply to developing the Counterfeit Product Risk Model: (1) “Risk Factor Selection Analysisml” Research which explores and develops detailed attributes of a counterfeit threat, (2) “Risk Analysis” Research which explores the aspects and methods of risk analysis that apply to the model, and (3) “Risk Model” Research which explores a wide-review of risk models. This chapter takes a purposeful research based analysis the basics of counterfeiting, risk analysis, and risk models to specifically address what should, and what should not, apply to the Counterfeit Product Risk Model. This section expands on the literature analysis to explore and develop key, root factors that address the counterfeit threat and can be used in the development of the Counterfeit Product Risk Model. Agency reports—specifically the FDA Combating Counterfeit Drugs report—stress the need to have a counterfeit risk model that would help brand owners review aspects of the counterfeit risk and prioritize the highest risk products for deterrent actions (FDA, 2004). 29 Five factors were selected for the Counterfeit Product Risk Model, based on literature and report reviews, and peer consultation. 0 Counterfeit-History: evidence of past counterfeiting o Counterfeit-Ability: ease of mimicking genuine product 0 Counterfeit-Attractiveness: scale of fi'aud in relation to costs 0 Counterfeit-Hurdles: deterrent activities or systems 0 Market Profile: aspects of the consumer, the sales channel, the manufacturing system, etc. 2.1 Risk Factor Selection Analysis Sodipo (1997) presented one of the most complete and detailed discussions of the attributes impacting counterfeiting, based on research related to the TRIPS (Agreement on Trade Related Aspects of Intellectual Property Rights) agreement. Sodipo’s Key counterfeit attributes were: Profits Cheap to copy Easy to copy Unsatisfied market demands Difficulties of detection and proof Non-deterrent laws and lacunae in laws Poor government policies Location of countries [production]) From a counterfeit product supply-side perspective, there are an additional set of more detailed sub-factors to be considered from the driving factors of counterfeit supply The Organization for Economic Co-Operation and Development (OECD) listed, from a supply-side perspective a set of detailed factors that should be considered as potential counterfeit drivers (OECD, 2007a): 30 0 Market Characteristics High unit profitability Large potential market size Genuine brand power 0 Product, Distribution and Technology Moderate need for investments Moderate technology requirements Unproblernatic distribution and sales High ability to conceal operations Easy to deceive consumers 0 Institutional Characteristics Low risk of discovery Legal and regulatory fiamework Weak enforcement Non-deterrent penalties Also, the OECD listed, from a demand-side perspective a set of detailed factors that should be considered as potential counterfeit drivers (OECD, 2007a): 0 Product Characteristics Low prices Acceptable perceived quality Ability to conceal [fake] status 0 Consumer Characteristics No health concerns No safety concerns Personal budget constraint Low regard for IPR 0 Institutional Characteristics 2.1.1 Low risk of discovery and prosecution Weak or no penalties Availability and ease of acquisition Socio-economic factors Counterfeit-History It has been emphasized repeatedly in the literature that the strongest indicator of the risk of product counterfeiting was past evidence of product counterfeiting (FDA, 2004; Hopkins, Kontnik et al., 2003; O'Kane & Gopalkrishnan, 2005; OECD, 2007b; Phillips, 2005). For example, the OECD’s Economic hnpact of Counterfeiting and 31 Piracy report specifically identifies the first of three steps in evaluating counterfeit magnitude as “identification of those goods that have been detected in international trade as counterfeit or pirated” (OECD, 2007c). That being said, the opposite is not true—a lack of evidence of past counterfeiting is not indicative of a low risk of future counterfeiting. The attacks can be random, a very well protected product may get knocked off and a completely unprotected product may never get knocked off (deKieffer, 2006a; FDA, 2003). This factor is important [0]since the past counterfeiting or diversion is indicative of the potential for more counterfeiting and diversion. 2.1.2 Counterfeit-Ability “Counterfeit-Ability” is a measure of the challenge of duping consumers (or retailers) into thinking they are buying the genuine product (deceptive counterfeits), or to just make the counterfeit product sale (non-deceptive counterfeits). This factor includes consideration of the product itself, the packaging, and even the authentication systems, such as warranty registration (Collins, 2004; Global Business Leaders Alliance Against Counterfeiting, 2003; Kontnik, 2004; OECD, 2007b; Sodipo, 1997; World Customs Organization, 2007a). This factor [0]is important since the ability to actually sell a counterfeit product is a major driver for counterfeiters. 2.1.3 Counterfeit-Attractiveness Counterfeit-Attractiveness” is a measure of the ability to profit, taking into consideration the costs of production and of getting products to, and into, a market (Global Business Leaders Alliance Against Counterfeiting, 2003; Kontnik, 2004; OECD, 32 '2‘ in. l IBC \ I“? 2007b; Sodipo, 1997; World Customs Organization, 2007 a). A very large market size may not always be a positive, if it contains very educated consumers (who would recognize minor variations between the genuine and fake product) or if there are very stringent deterrents in place (Lukasik, 2008). A very small market size may not always be a negative, if the set-up and execution costs and hurdles are low. This factor [0]is important since the ability to make a financial profit is a major driver for counterfeiters. 2.1.4 Counterfeit-Hurdles “Counterfeit-Hurdles” is a measure that includes deterrent activities—whether designed or inherent in a system—that create challenges to any of the other counterfeit factors (Collins, 2004; Global Business Leaders Alliance Against Counterfeiting, 2003; Kontnik, 2004; OECD, 2007b; Sodipo, 1997; World Customs Organization, 2007a). The easiest hurdles for a brand owner to implement are packaging components, since they only take one management decision, versus integrated supply chain or enforcement solutions (McNeely, 2007, 2008). A hurdle could be a routine lab inspection of incoming raw materials, which would increase the chance of a counterfeit additive being rooted out. A characteristic of a supply chain that could reduce the impact of counterfeiting is establishing exclusive regional licensing agreements, where the local company pursues local enforcement of the brand (Kennedy, 2005; Kontnik, 2006; Studler, 2008). This factor [0]is important since fewer barriers or hurdles equate to a higher Counterfeit- Ability or Counterfeit-Attractiveness, but Counterfeit-Hurdles are unique and should be considered in their own factor. For the Counterfeit Product Risk Model, which is discussed in detail in Chapter 3, if a product has many or complex hurdles, then the risk ranking would be “Low” for the 33 contribution of this factor to the overall risk of product counterfeiting. This process was utilized for continuity in the model (low always being good). 2.1.5 Market Profile “Market Profile” is a measure of the infinite aspects of product development, production, supply chain specifics, retailing, consumer demographics, and geographic marketplace dynamics that contribute to the Counterfeit Product Risk Model. This f[0]actor is important since it considers characteristics that impact the counterfeit risk that are not included in the other[0] factors. 2.1.6 Counterfeit Risk Sub-Factors The literature and reports emphasized the value of breaking overall risk into components, such as probability and severity. The components of probability and severity have been broken down into qualitative characteristics such as high, medium, and low (Todd, 2008). Further, it was recommended that the overall components, such as probability, be broken down into unique factors and sub-factors. In many cases, key attributes play a much more significant role than other attributes, and the specific model sub-factors should be chosen by a specific company’s expert panel (Aven, 2003; Cruz, 2002; Todd, 2008). The literature and reports that were reviewed discussed some of the market factors in detail, for example, in the OECD report that covered specific industries, a common set of sub-factors was not found that would cover all products (OECD, 2007c). The identification and application of sub-factors that are unique to each product or company are explored more in the Model Development Section. 34 2.1.7 Risk Factor Selection Analysis Summary In this Risk Factor Analysis Section, five factors that comprise the counterfeit risks: Counterfeit-History, Counterfeit-Attractiveness, Counterfeit-Ability, Counterfeit- Hurdles, and Market Profile were selected based on the information covered. The research supported using, but not explicitly universally defining, sub-factors. 2.2 Risk Concept Research Since product counterfeiting is a recently emerging and rapidly evolving risk, this section will focus mainly on the risk assessment aspect of the overall risk analysis concept. It is important to research the risk concepts to gain a perspective on the components that apply to the Counterfeit Product Risk Model, and to firrther theoretically justify what is, and what is not, proposed. This section reviews risk analysis and its three core components of risk assessment, risk management, and risk communication. This section will include a discussion of why classical statistical methods in general, cannot be applied to small and incomplete data sets likely to be available to be used in the Counterfeit Product Risk Model. Dr. Buchanan, a CFSAN/F DA risk assessment expert offers a very useful overall perspective: A good risk assessment should be sufficient to answer the question that is being posed, but not so complex that it substantially delays or confuses the need by risk managers, the users of the risk assessment, to reach a decision (Buchanan, 2004). Risk analysis, and particularly the subroutine of risk assessment and its antecedent hazard identification, is a key aspect in developing an anti-counterfeit strategy. 35 .9 CO in Hz» [5' f I I 2.2.1 Overview of Risk Analysis Risk is the exposure to a chance of loss (Claycamp, 2003; Kaplan, 1997). Risk analysis is not a number or value in and of itself; it is a combination of three basic concerns: what could happen, how likely it is to happen, and what the consequences are if it does happen (CF SAN/FDA, 2002, 2003; Kaplan, 1997). The goal of risk analysis, as with corporate quality control programs, is to reduce errors, incidents, or risks as low as possible, but the total elimination of risk to a probability of zero is usually not practical, or even desirable considering that there is a point of diminishing return on the incremental risk mitigation investment (Banks, 2005; Busta & Chaisson, 1997; Nakayachi, 1998; United States Government Accountability Office, 2008b). At the 2008 International Association for Food Protection (IAFP) Annual Conference, Dr. Buchnan stated, “The concept of zero tolerance expresses an absolute but has no meaning scientifically.” (Buchanan, 2008). The goal of a process or system might be “zero defects” but the probability of a defect would not be zero. With food products, even with the worst of substances, there is some low level of tolerance before it is considered a public health threat (“threshold of regulation” or TOR) (CFSAN/F DA, 2005). That being said, the presence of a contaminant, even within acceptable tolerances, may lead a company to action such as a recall. The process does try to reduce the magnitude of each error, to the point that the errors are not big enough to result in a “defect.” There will still be variations, but they are reduced to a point where they are not critical (Lipscomb & Lewis, 2004). 36 Risk analysis consists of risk assessment (and the antecedent of hazard identification), risk management, and risk communication (see Figure 2). Risk Assessment Risk . Including Hmrd Management Identification Risk Analysis Risk Communication Figure 2. The Risk Analysis Concept and its Components The FDA/CFSAN defines risk analysis this way: “Risk analysis is a tool to enhance the scientific basis of regulatory decisions. It includes risk assessment, risk management and risk communication activities” (CFSAN/F DA, 2002). Risk Assessment is broken down to hazard identification, hazard characterization, exposure assessment, and risk characterization. These are defined by FDA and USDA as: 0 Hazard Identification: “First, risk assessors and risk managers must clarify the public health hazard that is the subject of the assessment and any possible policy options that are under consideration” (FSIS/USDA, 2003b). 0 Hazard characterization: “Next, the risk assessors must evaluate the adverse health effects caused by the public health hazar ” (FSIS/USDA, 2003b). 0 lllness/ death 0 Economic 0 Social/ political 37 0 Exposure Assessment: “Then, an exposure assessment must be conducted to estimate the likelihood that the hazard will be present in food, and if present, at what level” (F SIS/U SDA, 2003b). 0 Risk characterization: “Next, a dose-response model is constructed to figure out at what dose or concentration that hazard will cause illness or death” (FSIS/USDA, 2003b). The FDA/CF SAN describes risk management and risk communication this way: 0 Risk Management: “The risk management phase involves using all of the information gathered during the assessment to evaluate policy options” (CFSAN/F DA, 2003). 0 Risk Communication: “Risk communication not only refers to communicating the results of the risk analysis to the general public, but also to the ongoing communication among risk assessors, managers, scientists, regulators, and various stakeholders during the entire process” (CFSAN/F DA, 2003). It is important to clarify that throughout the literature, the terms hazard identification and risk identification are often used for the same step in the process. This step is sometimes considered as a separate precursor to risk assessment, leading to four main steps to risk analysis, instead of three (Cervone, 2006; F SIS/U SDA, 2003b). There is a great deal of research and literature in the area of risk assessment, and. although there are methods of reviewing risk that are very quantitative and rigorous, what is important to the Counterfeit Product Risk Model is that the process of developing models or tools is recognized as a very fluid and creative art (Broder, 2000; Etherton, 2007; Jablonowski, 1996; Kaplan, 1997; Langford, 2002; Taylor, 2006). 2.2.2 Risk Assessment and Hazard Identification A hazard is “Any real or potential condition that can cause injury, illness, or death to personnel; damage to or loss of a system, equipment or property; or damage to the environment” (Mil-Std-882D, 2000). Processes such as HACCP are excellent at managing risks, once the risk has been identified. The very first and most basic step is 38 figuring which risks or hazards should be included in a full risk analysis (F SIS/USDA, 2003b). Deciding which hazards to actually consider is based on many factors, such as familiarity and an assumption of the ability to actually mitigate the risk (Marvin, Kleter et al., 2009). Research shows that in the period leading up to the financial market meltdown of 2008, financial risk managers foresaw the dangers of the sub-prime market, but the “meltdown” was considered very improbable and assumed to be a risk that should be accepted since it seemed too big for any company to mitigate (Gerardi, Lehnert et al., 2008) . Some companies, such as Goldman-Saks, did take action and reduced their exposure to the sub-prime market even though it reduced their short-term financial returns during a market boom (Kiviat, 2008). A danger is that the counterfeit risk hazard may not be completely factored into the risk assessment since it could be considered unknown or unmanageable, or a very remote possibility. A detailed discussion on risk assessment is available from the United States Office of Management and Budget (OMB) (Office of Management and Budget, 2006). Types of Risk Assessments - Risk assessment is a broad term that encompasses a variety of analytic techniques that are used in different situations, depending upon the nature of the hazard, the available data, and needs of decision makers. The different techniques were developed by specialists from many disciplines, including toxicology, epidemiology, medicine, chemistry, biology, engineering, physics, statistics, management science, economics and the social sciences. Most risk assessments are performed by teams of specialists representing multiple disciplines. 2.2.3 Probabilistic Risk Analysis (PRA) Some risk, probability, mathematical, and quality control theories intertwine. A review of “probabilistic risk assessment” highlights ways in which these areas are, and are not, similar. Probabilistic risk analysis/assessment (PRA) is a highly regarded method or tool that is part of the general risk analysis concept. While this provides 39 general insights, strict adherence to PRA does not apply directly to the Counterfeit Product Risk Model. Probabilistic risk assessment (PRA) is a method of quantifying risk analysis. The general steps include: system identification, event identification, frequency estimation, consequence analysis, risk estimation (frequency and consequence estimation), and risk assessment (Zambrano, Sublette et al., 2007). As stated in a NASA Newsletter, PRA is quantitative and by definition focuses on “every life-cycle aspect of a complex engineered technological entity” (Starnatelatos, 2000). In addition, the US Office of Management and Budget’s “Proposed Risk Assessment Bulletin” (2006) emphasizes using PRA for physical systems, such as “dams, nuclear and chemical plants, liquefied natural gas terminals, space shuttles and other physical systems” (Office of Management and Budget, 2006). In the article “Using Probabilistic Risk Analysis to hnprove Risk Management," which appeared in the peer-review journal Risk Analysis, the benefits and limitations of PRA were discussed as being “imperfect but useful” (J ablonowski, 1996). The article emphasizes that PRA, and all risk analysis, is based on imperfect knowledge, so the uncertainty must be commrmicated. In more uncertain events, conveying the probabilities with words rather than numbers is a way to express greater uncertainty. For the Counterfeit Product Risk Model, PRA has limitations since there is little actual data on the frequency or severity of the loss. A formal PRA focuses on assigning probabilities to a loss and bases the full analysis on historical data. A formal PRA is also focused on discemable, discrete events rather than system- wide, emerging general risks (J ablonowski, 1996). 40 2.2.4 The Goal of Risk Assessment Specifically, risk assessment is conducted to assist in decision-making and rest of the risk analysis process (Aven, 2003; CFSAN/F DA, 2002; Kaplan, 1997; Nader, 2002). Once the hazard is identified, the data and insights are applied to assessing the risk, allowing for the next step, risk management. The risk assessment process helps to organize and quantify the hazards, to clarify the overall risk as well as the interaction of the components comprising the total risk. The risk assessment process has continued to evolve in complexity, but has also increased in transparency (CF SAN/FDA, 2003; Claycarnp, 2003; Clemens & Swallom, 2005; Office of Management and Budget, 2006; WHO, 2003). 2.2.5 Basics of Risk Assessment -— Categorizing the Threat Risk assessment focuses on identifying what a type of risk is, and is not, to better evaluate the most appropriate risk model characteristics. In the most broad terms, risks are either strategic (“long-term variations in outcomes”), operational (“traditional business and hazard risks... variations in outcomes within one operating period”), or economic (“political and financial situations that are created by macro- and micro events”) (Kallman, 2007). Operational risk, most commonly defined as "the risk of loss or harm resulting from inadequate or failed processes, people, or processes, or from an external event" (Taylor, 2006). By these definitions, the counterfeit threat is an operational risk. 41 To further categorize the counterfeit risk, it is valuable to review risks one step further. Hazards can fall into several of the risk classes. This summary is based on Nader’s “The Manager’s Concise Guide to Risk (2002)” (Nader, 2002). Catastrophic risk affects industries and firms whose financial assets are exposed to catastrophic natural perils, such as earthquakes, hurricanes, volcanic eruption, and so on. . .. Although catastrophic risk is usually considered as an outcome of natural perils, one nonnatural peril, terrorism, has emerged in recent years as a source of risk whose consequences for the insurance industry appear increasingly capable of attaining the same dimensions as those of catastrophic risk. F oreseeable risk is primarily a legal definition derived fi'om the concept of “foreseeability.” Accordingly, foreseeable risk is any risk whose consequences can reasonably be expected to occur, by a person of ordinary prudence. Fraud risk [also categorized by Nader as security risk] may be defined as the entity’s total exposure to the probable misconduct, dishonesty, and deceit by internal as well as external parties. . .. What is peculiar about fraud risk is that it can never generate any returns to the party at risk. Therefore, no business entity acting rationally should ever voluntarily bear or expose itself to any type or amount of fiaud risk. However, we live in an imperfect world, it is unrealistic to expect that total elimination of fiaud risk can be achieved. Fundamental risks are impersonal in nature, and any person affected by such risks is exposed to losses that do not arise from that person’s own individual choice or behavior, but from events beyond his or her control. Examples of such events include natural disasters, political and social developments, economy-wide phenomena, industry-wide phenomena, and so on. “Legal risk is one of the risks of doing international business. It arises fi'om the weaknesses, incompleteness, nonenforceability, and other similar problems with a foreign country’s laws and its legal-judiciary machinery. . .. Such problems increase the probability that the legal system will fail to provide adequate protection of physical and intellectual property rights, or remedies against breaches of contracts and other violations of contractual rights. The term liability risk is applied to a very broad category of pure risks, many of which are insurable.... Liability risk arises whenever one party is exposed to possible loss of present or future assets or income as a result of causing one or more of the following events to another party or to assets owned by another party, whether those events (torts) are caused by the first party willfully or though negligence. The term marketing risk is used to describe the uncertainty that surrounds the future demand for a firm’s products as a result of numerous variables 42 which affect this demand, but may be unpredictable or not entirely under the firm’s control. Marketing Risks arise fi‘om unanticipated or uncontrollable shift in any of the factors which affect the firm’s marketing mix (product, price, place, and promotion). Particular risks are those types of risk whose consequences affect individuals separately, and are not so pervasive (as in the case of fundamental risks) as to affect an entire group of individuals. Particular risks arise from personal actions or events that are under an individual’s control, and are therefore considered to be the responsibility of the individual, rather than the responsibility of society as a whole. Property risks encompass all events which carry a possibility of loss, to a property owner, of one or more of the following: the value of property (direct loss), the use of property (indirect loss), and the future income generated by property (indirect loss). A pure risk is defined as any risk which can only result in a loss or no loss, but can never generate any gains to the party at risk. In other words, a pure risk consists entirely of downside risk and does not contain any upside risk component. . .. The designation of some risks as pure risks is useful for setting apart those risks that are normally insurable risks fi'om speculative risks, which are normally uninsurable risks. Speculative risk, as distinguished from pure risk, is a term applied to describe all risky situations that, in addition to carrying the possibility of loss, also carry the possibility of gain to the party at risk. In other words, speculative risks incorporate not only a downside risk component but an upside risk component. Depending on the specific threat and an organization’s response to risk, counterfeiting could fall into one or many of the risk classes. As with many aspects of risk analysis, there is often some confusion on use of terminology. Mil-Std-882D refers to an operational risk matrix as a process within, what it refers to as, the overall operational risk assessment program. For this research, the FDA reference will be used. 43 2.2.6 Basics of Risk Assessment — Taking the First Step A common challenge faced in risk assessment is a lack of appropriate historical data, a basic lack of knowledge important in decision-making and data that is not yet available (Cruz, 2002; Van Der Fels-Klerx, Goossens et al., 2002). One common method used for taking the first step is peer consultation or expert panels. Some examples are discussed in “Building confidence in models for multiple audiences” (Howick, Eden et al., 2008), and “Engaging Expert Peers in the Development of Risk Assessments” (Patterson, Meek et al., 2007). A tried and true method is to apply expert judgment or the formal Department of Defense (DOD) process of Delphi (Coffin, 2002; Cruz, 2002; Van Der Fels-Klerx, Goossens et al., 2002). Delphi was developed by the RAND Corporation after World War II to combine expert opinions while eliminating bias. Delphi collects individual surveys then conducts group reviews of the overall perspective, in a very formal and methodical process (Coffin, 2002). The Delphi process is described here (Cruz, 2002): Usually, one or more of the following properties of the problem to be solved lead to the need for Delphi: 0 The problem does not lend itself to precise analytical techniques but can benefit from subjective judgments on a collective basis 0 The individuals needed to contribute to the examination of a broad or complex problem have no history of adequate communication and may represent diverse background in respect of experience or expertise. Time and cost make fi'equent group meetings infeasible More individuals are needed than can effectively interact in a face-to- face exchange 44 2.2.7 Basics of Risk Assessment — Appropriate Precision An expert or group of experts can provide quick insights, as well as identify potential influences that may not show up until much later using data-intensive statistical methods. A limitation of using an expert’s judgment is the role assumptions play in the judgment. Techniques that simplify an analysis can compound into greater uncertainty in the final output of the model (Claycamp, 2006; WHO, 2004). Usually, these heuristically-derived assumptions (using expert judgment rather than hard, unchanging data) are not clearly defined in the statistical review, and yet reports present the results as very precise. In their report “Understanding Risk”, the National Research Center (NRC) at the National Academies of Science discussed related analysis that is conducted to reduce the complexity of the model, and the danger that over simplifying complex, multidimensional problems can lead to results that are “highly contentious” to the decision-making process (National Research Council, 1996). Additional insight was provided by Hassenzhal (2006): Risk analysts are often asked to generate precise numerical calculations. The expectation serves an important role in risk evaluations by forcing discipline on the analysts. At the same time, however, the act of generating such precise numerical calculations permits the unfortunate possibility that the resulting estimates will be interpreted as sufficient and accurate depictions of the risk. Alternatively, analysts may feel compelled to present estimates that are more precise than they feel is warranted. Stripped of quantitative and qualitative information about uncertainty, these precise estimates may become reified and thereafter be interpreted as the "true" or "actual" value of the risk. 45 fact. ?i then I OMB. 3000;} P2000 Starr. malts Sung? i C3133 1m ”ftur c. --:. “I“ 51-11%.- 4"“ 1 9|! ‘ The concern is that the analysis may reach a point of “excessive precision” or a “false sense of precision and it is an important point to remember in making preliminary risk assessments or in reviewing emerging risks (Hassenzahl, 2006; J ablonowski, 2005; Pittinger, Brennan et al., 2003). 2.2.8 Basics of Risk Assessment — Words or Numbers Risk assessments do not need to strive for quantitative output (numerical data). In fact, there is a body of literature which supports qualitative (high/medium/low) output, when there is qualitative (high/medium/low) input, including agencies such as the FDA, OMB, DOD, international standards organizations, and industry associations (Broder, 2000; J ablonowski, 1994). For example, in a CFSAN/F DA presentation, “Tools for Prioritizing Food Safety Concerns: An FDA Perspective,” (by Dr. Robert Buchanan, Senior Science adviser and Director of Science) both qualitative and quantitative tools or models for risk ranking or assessment were validated, noting that each can have their strengths and drawbacks (Buchanan, 2007). This is supported by other authors, as well (Claycamp & Hooberman, 2004; Etherton, Main et al., 2008; Shepherd, Barker et al., 2006). In a study in Risk Management by Jablonowski (1994), a survey of risk managers found that words communicated the risks better than numbers. For example, it was more descriptive and helpful to call something “rare” than to refer to a “0.05” percent chance of occurrence. The lack of detailed history is also echoed by the security industry. For example, the book “Risk Analysis and the Security Survey” (which is recommended reading for the American Society for Industrial Security ASIS Certified Protection Professional 46 certification) specifically addresses security-related risks that apply directly to the anti- counterfeit strategy situation (Broder, 2000): Threat occurrence rates and probabilities are best developed from reports of occurrences or incident reports, whenever this historical data exist. Where information does not exist, it may be necessary to reconstruct it. This can be accomplished by conducting interviews with knowledgeable persons or by projecting data based upon educate guesses, supported by studies in like industries and locations. Review of the literature and other reports did not specify how to separate the categories (hi gh/medium/low) beyond stating that the categories should be spaced far enough apart to be meaningful. The categories should not be set to parts-per-trillion if the available equipment can only measure to part-per-million (the data would be impractical to measure). Likewise, the categories should not be set so all the responses fall into the same rank (if all are “medium” there is no differentiation). 2.2.9 Basics of Risk Assessment — Numerical Methods This section is based on the book Numerical Methods for Engineer” by Steven Capra and Raymond Canale (1998). Traditional numerical models, formulated to be solved with arithmetic operations, are the focus of engineering textbooks (Capra & Canale, 1998). Unlike engineering problems (e.g. will a bridge withstand a certain load), the counterfeit risk has human factors and there may be no physical laws in the root cause. Due to the nature of the data, even traditional “fundamental laws” (e. g. energy cannot be created or destroyed) cannot be derived fiom empirical tests (e. g. observation or experiment) (Capra & Canale, 1998). The Counterfeit Product Risk Model is not a physical system or process that is easily defined for future threats. 47 Since engineering problem-solving concepts are familiar to many of the engineers assigned with counterfeit risk prediction, these concepts will be reviewed for their relevance to the model: Flowcharting. While flowcharting of the processes can work in a very general sense for counterfeit risk, the lack of large, historical data sets reduces the effectiveness of developing numerical models. Analytical versus numerical methods. Analytical methods are considered exact, approximated by linear functions, and are of limited value since most “real” problems are more complex (Capra & Canale, 1998). Numerical methods are based on “equations, non-linearity, and complicated geometries” and are very common in engineering problem solving (Capra & Canale, 1998). Even though the numerical solutions can be quite complex, they are still an approximation. “Although perfection is a laudable goal, it is rarely, if ever, attained” (Capra & Canale, 1998). Neither applies to the Counterfeit Product Risk Model due to the underlying lack of historical data and the ever-changing nature of the risk. Truncation versus round-off errors. Truncation error is a different concept that measures the variation in the approximation of a number and the actual number (e. g. a measured number 4.859 but truncated to 4.9) (Capra & Canale, 1998). Round-of error is due to method or computers simplifying the data to a finite number (e. g. Pi is 3.141592653589... but rounded off to 3.14) (Capra & Canale, 1998). These concepts both assume there are a large historical data sets and some accurate measure of the system. The only historical data about counterfeiting is whether the product is known 48 to be counterfeited and how many occurrences of the fake product were identified. Thus, neither concept applies to the Counterfeit Product Risk Model. Significant figures, accuracy, and precision. Significant figures refer to the number of digits that can be used to represent the data point (Capra & Canale, 1998). Accuracy is how closely a measured result equates to the actual result, whereas inaccuracy is the deviation from the actual result (e. g. inaccurate data points are far from the actual number) (Capra & Canale, 1998). Precision refers to how two computed data points agree with each other regardless of how close they are to the actual number, whereas imprecision (or uncertainty or bias) is the magnitude of the variation in the computed data points (e. g. precise results can be data points that are close together regardless of the location of the actual number) (Capra & Canale, 1998). Since the actual number for a counterfeit risk calculation cannot be known, these concepts do not apply to the Counterfeit Product Risk Model. “Blunders,” formulation errors, and data uncertainty. Engineering problem- solving assumes that the model and assumptions are sound, but in the real world that should not be assumed. “Blunders ” are considered to be gross errors in the data gathered, or models that are not fundamentally sound relative to the data collection or measurement (Capra & Canale, 1998). Formulation errors, or model errors, are fi'om “incomplete mathematical models” (Capra & Canale, 1998). If a counterfeit risk model is based on the analysis of past data, then a mathematically representative model can be developed, but in trying to predict future risks the model developed would be fundamentally incomplete. With these fundamentally incomplete models, uncertainty (bias) would be associated with the results. When the counterfeit risk is 49 considering future risk, the uncertainty could magnify, detracting from the value of the prediction. Data uncertainty is the error from the physical data that was used to build the model (Capra & Canale, 1998). The physical data used to build a numerical counterfeit model would be both uncertain and imprecise. Quantitative methods are not always the most efficient or most appropriate prediction models. Also, classical statistical methods are based on the fundamental concepts outlined above, and are not practical to apply to the Counterfeit Product Risk Model. The use of classical statistical tools such as mean, standard deviation, or variance would give an impression of excessive precision. If the Counterfeit Product Risk Model used a traditional analytical or numerical model, the associated error would lead the output to be impractical in practice. This review supports using a more general, qualitative model. 2.2.10 Basics of Risk Assessment—Risk Presentation This section will review potential risk presentations which may have application to the Counterfeit Product Risk Model. An investigation of the factors that make up the probability categories, in the probability versus severity matrix has been conducted using the literature (Table 4). The operational risk matrix is an application of the basic probability versus severity matrix. Operational risk management (ORM) in the form of a matrix is frequently referred to by the World Customs Organization (W CO), FDA, and others (Acheson, 2007b; Brackett, 2004; Elsworth, 2007; Mil-Std-882D, 2000; World Customs Organization, 2003). 50 Table 4. A General Probability versus Severity Matrix SEVERITY Catastrophic Critical Marginal Negligible E Frequent 1 3 7 l3 :1 Probable 2 5 9 16 fl Occasional 4 6 l 1 18 8 Remote 8 10 14 19 E Improbable 12 15 17 20 When considering food defense risk, David Acheson, the Assistant Commissioner for Food Protection for the US FDA, identified several key concepts in a presentation he gave (Acheson, 2007b): 0 Vulnerability Assessment Tools 0 Operational Risk Management (ORM) o Carver plus Shock I Federal only ' SPPA I Software tool 0 Strategic Partnership Program on Agroterrorism (SPPA) o Raise Awareness - ALERT ' Web-based training The Food and Drug Administration’s ALERT (Assure, Look, Employees, Reports, and Threat) initiative is specifically designed to raise awareness by fi'ont line employees in retail and operations, of actions and anomalies that could constitute dangerous food defense risks that would cause harm (CFSAN/F DA, 2006). The ORM process is used by a wide range of groups, and several are referenced in Clemens & Swallom (2005) including: 51 Naval Ordnance Safety and Security Activity, US Federal Aviation Administration (FAA), US. Army Aviation and Missile Command, US. Army Research Development and Engineering Command’s Aviation Engineering Directorate, Swedish Defense Materiel Administration (Forsvarets Materielverk), US. Army Apache Attack Helicopter Project Management Office (PMO), and the Office of the Director of Army Safety. The Operational Risk Matrix was central to all the above examples, as were the qualitative factors associated with the most basic probability and severity categories: Critical, Marginal, Negligible, Frequent, Probable, Occasional, Remote, Improbable, Extremely Improbable (Clemens & Swallom, 2005; Mil-Std-882D, 2000). The quantitative range for the categories was determined by experts who interpreted the data. In some cases, such as aircraft crashes, exact data was known and could be directly applied (Clemens & Swallom, 2005). The Clemens article clearly identifies the underlying assumption that the probability and severity category rankings are variable and based on interpretation of unknown data. For example, looking at several of the nine probability categories, it is demonstrated that the input data relies on science and expert opinion: Frequent - once every 2 days, Unlikely - once every 10 years, and Extremely Improbable - once in 1000 yrs. The final assumption is quantitative, but the underlying selection of the range of risks is still heuristic or biased. There should be a definition of the range of each category, for example, why isn’t “frequent” considered to be “once every two weeks”? The risk analysis process for a specific risk or event should consider how the information will be used and how the information must integrate into over-arching risk management systems (Acheson, 2007b; Buchanan, 2007; Clemens & Swallom, 2005). A common practice is “risk summing,” also referred to as using a “risk register” or Total 52 Risk Profiling (TRP), where risks across a system or organization are gathered and ‘ consolidated in an overall review (Clemens & Swallom, 2005). The concept of risk is growing in importance for agencies and industry for a number of reasons, including the increased cost and legal liability of recalls and the US Securities and Exchange Commission (SEC) reporting requirements of the Sarbanes- Oxley Act (DHS, 2007). An emerging trend is for companies to use an Enterprise Risk Management Concept (ERM) and to assign a Chief Risk Officer (CRO) who would report directly to the Chief Executive Officer (CEO) of a corporation (Lam, 2003; Lee & Shimpi, 2005; Phillips, 2008; United States Government Accountability Office, 2008b). The Clemmons (2005) report summarizes the risk-summing requirements (Clemens & Swallom, 2005). A risk summation should: Characterize total system risk Adapt to both quantitative and qualitative methods Produce a unique, unambiguous result Be easy to calculate Be easy to interpret Serve risk communication needs well Satisfy needs for transparency, clarity, consistency and reasonableness Provide a clear path to the required decision For the Counterfeit Product Risk Model, the rather simple nature of the operational risk management and operational risk matrix are appropriate for the very small amounts of historical data. Specifically, the OMB states that “when large amounts of historic data from humans are available, an actuarial risk assessment may be performed using classical statistical tools” (Office of Management and Budget, 2006). The classical statistical tools that do not apply to the broad and ambiguous counterfeit risk concept include decision trees, Monte Carlo simulation, probabilistic risk analysis (PRA), Bayesian analysis, etc. The classical statistical tools do apply when there is more 53 information or a more defined process. For example, the World Customs Organization (W CO) uses classical statistical methods to review their actual inspection data (risk assessment), but uses insights on what to actually inspect in the first place (hazard identification) (World Customs Organization, 2006). l The operational risk management (ORM) has merit and can be used for the Counterfeit Product Risk Model assessment. 2.2.11 Basics of Risk Assessment—Model Building When reviewing risk model building, it was clear that there is no one best model (Acheson, 2007b; Claycarnp, 2003; Cruz, 2002; Hassenzahl, 2006; Ryan, 2005). Even the formal standards organizations (ANSI, ISO, EN, Mil-Std, etc.) only begin with a risk assessment framework and do not recommend a best model (Etherton, 2007). Often, as recommended above, the model selected is similar to other models used in that field or area: food safety, corporate security, law, finance, insurance, operations, etc. Models to assess the counterfeit threat are, thus, specific to the industry, company or Agency. To harmonize the information, companies and agencies measure the counterfeit risks and factors in terms of their other models which deal with risks and threats. An inherent limitation of these models is that they may not consider a broad enough view of the counterfeit threat to really expose the root causes of the risk or threat. In addition, these models may not be efficient or effective to evaluate the effectiveness of potential countermeasures or deterrents. Specific standards were analyzed and summarized, to determine if they have application to the anti-counterfeit prediction of risk. Generally, each presents a risk framework but few give detail on conducting the actual risk assessment. 54 EN 1050. The European Union (EU) developed this “new approach to technical harmonization and standards) in the 1990’s, and it includes a specific machinery safety focus” (Etherton, 2007). The standard includes guidance on machinery design and includes EN1050, the “Safety of Machinery: Risk Assessment (Etherton, 2007). ANSI B11 TR3. The American National Standards Institute (ANSI) Machinery Tool Safety Standards Committee formed the TR3 guidelines in 1995. This standard raised the US standards up to, or above, the EN 1050. The general steps for TR3 machine risk assessment are: (1) identify the tasks and hazards; (2) estimate the risks; (3) determine the steps necessary for reducing risk; (4) select safeguards; (5) verify whether risks were reduced; and (6) document the reduction of risks. The risk of a task is determined by evaluating the relationship between the potential probability of an occurrence of harm (e.g., very likely, likely, unlikely, and remote) and the potential severity of harm (e.g., catastrophic, serious, moderate, or minor). These factors are entered into a risk estimation matrix or equivalent risk estimation tool, and a risk level (e.g., high, medium, low, negligible) is then determined (Etherton, 2007). ISO 14121. The International Standards Organization (ISO) formed the TC199 “Safety of Machinery” technical committee to focus on machinery safety. The ISO work group developed this standard. MIL-STD-882D. The DoD developed and uses “one of the most pervasive risk assessment approaches” in this “Standard Practice for System Safety,” which is used by “all departments and agencies within DoD.” “As with all existing safety programs, the objective of this document is to develop a standardized method of 55 assessing and mitigating risks” (Etherton, 2007). The standard states that it complies with all other US Government standards. Since it has a direct application to the anti-counterfeit prediction of risk, Mil-Std- 882D will be reviewed in more detail (Mil-Std-882D, 2000). The objective of this Standard is to develop a standardized method of assessing and mitigating risks. The Standard is designed to protect private and public personnel from “accidental death, injury, or occupational illness; weapon systems, equipment, material, and facilities from accidental destruction or damage; and public property while executing its mission of national defense.” The Standard states that it complies with all other US Government standards. The Standard refers to events as “mishaps” and the risk as “mishap risk.” The Standard does refer to mishaps in DoD operations, so the term may be, essentially, a subcategory of overall operational risks. As was discussed in the previous risk assessment discussions (and this is a common challenge for developing a Counterfeit Product Risk Model) the process for identifying hazards is not specified but there is an emphasis on “historical hazard and mishap da ” and on reviewing “lessons learned from other systems.” The process to define the hazards or hazard categories are not identified in the Standard, though it is specified that the mishap risk assessment values are grouped into mishap risk categories. The Standard is actualized using a “mishap risk assessment matrix.” This matrix is known by many terms, such as an Operations risk assessment or a “probability x severity” matrix, but the basic components are a quantitative probability measure on one axis and a quantitative severity measure on the opposite axis. Utilizing the matrix allows 56 the risk manager to assign a “value to a hazard based on its mishap severity and its mishap probability.” 2.2.12 Practical Application of Risk Assessment This practical example is included in this Risk Overview Chapter, and not the applied Risk Model Chapter, since it demonstrates the risk analysis concepts. Richard Ryan is a Corporate Security manager at Archer Daniels Midland (ADM) Company and he presented “Risk Assessment to Drive Research for Contaminant Detection” at the Institute of Food Technologist’s 1st Annual Food Protection and Defense Research Conference on November 4, 2005 (Ryan, 2005). This presentation was especially valuable to the Counterfeit Product Risk Model research because it emphasizes real actions and concerns at a food company. The presentation focused on all intentional contamination or attack risks. The following is based on Ryan’s presentation. “Security upgrades” are operational costs that do not create revenue, but they do reduce costs or liability, and the cost and benefit analysis is presented as a business case. When analyzing a risk mitigation project, three keys were discussed. The first key is the risk assessment. Although ADM uses the Carver+Shock model as the base of their risk assessment program, they clearly emphasize that the model does not consider every risk, so the results are admittedly incomplete. “[Carver+Shock] works perfectly well if you know who the bad guy is and what his motivations are. Unfortunately, making an assumption as to the identity and motivation of the attacker introduces unavoidable error in the risk assessment of this type” (Ryan, 2005). With usable but incomplete models in use, it is not appropriate to affix specific actuarial numbers to the risk (“risk rating is 3”). In industry and government there must 57 be some more subjective analysis to reflect the risk. The confidence in the probability is stronger if there is reference to other scientific research or models regarding the risk, to help change the perception fiom a perceived risk to a real risk. The confidence also increases with anecdotal evidence or details of counterfeiting in other industries or product groups. In the subjective analysis included in the business case, a range of potential financial liability would be determined. The second key is to determine the potential mitigation steps and to choose the most efficient and effective solution — lowest cost and highest impact. And finally, the third step looks at what level of confidence there is that the mitigation step will be effective. 2.2.13 Risk Concept Summary This section reviewed risk analysis, and its three components (risk assessment, risk management, and risk communication), to focus on what does, and does not, apply to the Counterfeit Product Risk Model. The science of risk assessment has become very analytical and quantitative, but the nature of emerging risks, that do not have large historical data pools, supports a more manageable and more qualitative (high/medium/low), heuristic approach to risk management and risk assessment. This section also reviewed how the incomplete nature of the data and the clandestine nature of the counterfeit threat lead to inefficiency when trying to use classical statistical methods, such as the Monte Carlo simulation, decision trees, or probabilistic risk assessment (PRA). There is wide acceptance of quantitative, semi-quantitative, and qualitative risk management and risk assessment tools. The literature supports using an expert panel to develop the Counterfeit Product Risk Model. More generally, the models and tools 58 should be able to be used together; there is acceptance of building unique risk models to support a unique risk. The probability versus severity matrix, used by operational risk management, is the most efficient and effective type of structure for this research. The literature and agency reports support dissecting the overall probability into smaller and more detailed factors. This discussion will continue in the next chapter, with more specific examples. The risk analysis and risk assessment concepts and tools have been used in developing the Counterfeit Product Risk Model. 59 2.3 Risk Model Research This chapter will review risk analysis models and processes to focus on what can, and cannot, apply to the Counterfeit Product Risk Model, using the literature and agency reports. There have been many models inefficiently applied, and others that are assumed to be applicable, to the counterfeit threat. Thus, it is important to review model theory as specific models to determine if they can be used to assess the counterfeit threat. The lack of refereed articles, and credible counterfeit data, is mirrored by a lack of risk assessment methodology and models relevant to counterfeiting. The lack of even the most basic quantitative factors is due to the nature of the threat—being clandestine, criminal, and rapidly evolving in complexity and range. The counterfeiters have clandestine operations and in many cases the product is so good that it travels through the supply chain undetected. In general, information on the gaps or breaches is considered classified by agencies or confidential by industry. Any publication of these gaps and breaches could be read and used by the “fraudsters”l to help them be more efficient in their operations. The lack of public information or data leads to a very limited historical resource. Classical, statistical, data-intensive risk assessment models or tools are not sufficiently useful. ' The term “Fraudster” is used as a descriptive, formal term for this specific type of criminal and their activity (deKieffer, 2006b; European Commission, 2006; PriceWaterhouseCooper, 2007). 60 2.3.1 Risk Assessment Models Overview This Section reviews specific risk assessment tools from a wide range of applications to assist in the selection of the most appropriate Counterfeit Product Risk Model. Risk assessment is included in the standards of several key intemationally— recognized standards setting organizations. Each of the standards uses the simple, traditional “probability versus severity” matrix in an operational risk management (ORM) assessment. ORM is recommended by, and used by the FDA, DOD, USDA, and others. ORM is also the base concept used in risk analysis, notably in Mil-Std, ANSI, ISO, and EN standards. In these standards, the selection of quantitative probability and severity data are left up to the risk managers, though in many cases, an additional expert panel is recommended. For example, the ANSI B11 TR3 emphasizes risk analysis processes that are commonly referred to in other processes (Etherton, 2007). These include: identify the tasks and hazards; estimate the risks; determine the steps necessary for reducing risk; select safeguards; verify whether risks were reduced; and document the reduction of risks. Similarly, there are risk categories and identifiers (Etherton, 2007): g o evaluate severity versus probability 0 common severity categories - catastrophic, serious, moderate, or minor 0 common probability - very likely, likely, unlikely, and remote Depending on the model or standard, a number of categories can be defined to meet the needs of the data. The standards use anywhere fiom three to nine categories of inputs. 61 2.3.2 Risk Assessment Models in the Anti-Counterfeit Industry Any precise risk assessment will include a perspective on very sensitive gaps or weaknesses in the supply chain, which, if published, would provide insight to criminals that would put that supply chain at even greater risk. The Department of Homeland Security has classified reports or reviews that divulge too much information about gaps or that create a “roadmap” which could lead to a breach of security (CFSAN/F DA, 2007c; Congressional Research Service, 2003; Department of Homeland Security, 2007; Scandia National Laboratory, 2007; Tilden, 2007). The FDA procedures recommend that companies hold their reports confidential and DHS has stated that their detailed reports have been classified as secret (CFSAN/FDA, 2007c, 2007d, 2007c; Collins, 2004; Department of Homeland Security, 2007; Scandia National Laboratory, 2007). Although not often enacted, “[information] classification on national security grounds denies access to anyone without a govemment-issued security clearance and a demonstrated ‘need-to- know’ the information” (Center for Strategic and International Studies, 2005). Counterfeit risk assessment based on expert panel or heuristic insights are being conducted, to some extent, but details are not available in the public realm, and thus, are considered confidential (Hammerbeck, 2008; Pierce, 2004). To show how little is published in regards to counterfeit risk assessment is to review the 2004 final report and the June 2006 update of the FDA report on “Combating Counterfeit Drugs” (FDA, 2004, 2006a). This series of reports and updates only mention a high level FDA intent to “support the development” of several of the counterfeit risk predictors. 62 The FDA has taken an initial step by noting some potential categories that may predict risk. Past counterfeiting is a predictor of future counterfeiting and that diversion is a gateway for illegal products to enter the supply chain (deKieffer, 2006b; Liang, 2006). The Carver+Shock risk assessment tool does contain one question regarding whether the manufacturing process includes known counterfeit or diverted products (CFSAN/F DA, 2007a). A review of the FDA Combating Counterfeit Drugs report in 2004, and the 2006 Update, and the full-text is included here (FDA, 2004, 2006a): There was agreement that the criteria we suggested to identify drugs that were likely to be counterfeited were correct. These included: Impact on public health if the drug were counterfeited; 0 Drugs history of counterfeiting; 0 Drugs price; 0 Drugs volume; 0 Drugs dosage form; 0 Drugs clinical uses; and 0 Whether similar products had a history of being counterfeited. However, there was no consensus on how to apply these, or other, criteria in creating a list of such products. As stated above, some comments suggested that instead of developing a list of drugs likely to be counterfeited, a set of criteria for determining whether a drug was [as] likely to be counterfeited should be created. One proposal for such criteria was: 0 A drug has been subjected to a seizure or stop sale notice because of counterfeiting, or 0 There is documentation that a drug was counterfeited and is the subject of an investigation by federal or state authorities, AND 0 The product is high cost (e.g., over $200 per dose) or high volume (e.g., top fifty drugs), or o The product is used extensively for treatment of HIV/AIDS or cancer, or The product is injectable, or The product distributed in a special or limited way, or There are multiple documented instances of pedigrees not being passed with the product 63 Ir] There are some models that review the counterfeit threat, but none were found that support a comprehensive Counterfeit Product Risk Model. 2.3.3 Model Example - Theoretical Smuggling Model Ivanova (2007) uses a series of three predictions of how their formula-based model “Corruption, illegal trade and compliance with the Montreal Protocol” would react to several situations. Specifically, Ivanova studied the impact of only three factors (corruption, rule of law, and tariffs) on chlorofluorocarbons (CFC) smuggling. The author does state that this is a partial review of the issue. The author tests the model against the predictions (whether the model points in the expected direction). Ivanova supports that idea that testing a comprehensive model using a classical statistical method to predict smuggling (the data has similar specifics as counterfeiting) is not possible. “Since data on illegal trade is not available, it is not possible to test any theoretical conclusions about smuggling” (Ivanova, 2007). Neither the FDA report, nor any other agencies found in this research, recommended a specific risk assessment methodology nor did they provide any specific details of previous risk assessment projects. 2.3.4 Model Example: GTRIC The General Trade-Related Index of Counterfeiting (GTRIC) model is presented in the, Organization for Economic Cooperation Development (OECD) report, titled Economic Impacts of Counterfeiting and Piracy (OECD, 2007a). This report was published as a draft report in September 2007. 64 The OECD was originally formed in 1947 to administer the Marshal Plan for European reconstruction after World War H and has had a continually evolving mission to help member countries achieve economic growth. There are thirty members (including the G8 and others), and over 70 participating developing and emerging market economies. The OECD’s Economic Impacts of Counterfeiting and Piracy report is the most complete and recent agency overview on counterfeiting. The contributors or editors are not identified in the draft report. The report emphasizes the difficulty in product counterfeiting data collection: The overall degree to which products are being counterfeited and pirated is unknown and there do not appear to be any methodologies which could be employed to develop an acceptable overall estimate (OECD, 2007c). The response rate to the [OECD] Customs questionnaire was not high from larger economies, which limited the usefirlness of the results. As for the data itself, sizeable fluctuations fi'om year to year in many economies made it difficult to observe any trends or patterns; moreover, in many cases the level of inceptions/ seizures reported, when compared to other economies, raised questions about the consistency and comparability of the information (OECD, 2007c). With regard to comparability, it should be noted that the basis for reporting interception values varied among respondents. Some reported on the basis of declared customs value while others reported market value or legitimate item value (OECD, 2007c). Carrying out assessments of the factors (or drivers), even on a qualitative, nonempirical basis, can generate insights into the counterfeiting and piracy situation in different products and in different economies (OECD, 2007c). Regardless of the admitted data limitations, the report does present new mathematical models for estimating the magnitude of the counterfeit threat. The models estimate counterfeiting magnitude by global production (“GTRIC-p”) and source economy (“GTRIC-e”), which is the General Trade-Related Index of Counterfeiting (GTRIC) model. The GTRIC identifies a “ceiling” for international counterfeiting, 65 essentially establishing an “upper fix-point limit” (OECD, 2007c). The data is generated in three steps: (1) identify known counterfeited product, (2) identify known counterfeit producing source economies, and (3) estimate the rate of counterfeiting based on customs seizure and OECD surveys. The GTRIC model did not include any direct references to authors or sources and there were no additional literature references on the topic. The model states an impressive 95% confidence interval, but the prediction range is extremely broad. For example, the GTRIC-e estimate for Morocco, with a 95% confidence interval, is that between 10% and 97% of the exported products are counterfeit. The OECD Economic Impacts of Counterfeiting and Piracy report examines the drivers and root causes of counterfeiting from a global, country, or general-industry perspective. The OECD report has many general insights that can be applied to product or company specific assessments, but the GTRIC models do not contribute to the Counterfeit Risk Model because they focus on generalizations about countries not a specific company’s product. 2.3.5 Risk Assessment Models in the Food Industry There are a number of overall risk analysis and specific risk assessment models used in the food industry, though most refer to basic operational risk assessment when reviewing emerging threats. Unlike counterfeits, the general food industry risk analysis models utilize a large sample size and are very data driven (Buchanan, Dennis et al., 2004; Buchanan, 2004). The risk analysis procedures generally focus on either pure food safety (unintentional contamination such as E. coli or contaminants) or food defense 66 (intentional contamination with malicious intent, such as terrorist attacks, disgruntled employee contamination, or malicious tampering). 2.3.5.1 Good Manufacturing Practices (GMP) The Good Manufacturing Practices (GMP) procedures regulated by the US. Government are very rigorous, driven by large data sets, and work with predetermined hazards. The US Federal Food, Drug, and Cosmetic Act regulates that human foods must be free from adulteration, which it defines as harmful impurities (CFSAN/F DA, 2001b). The Code of Federal Regulations (CFR), GMP covers four main areas: a 21 CFR Parts 210 and 211 — Drugs 0 21 CFR Part 820 - Medical Devices 0 21 CFR Part 110 — Food 0 21 CFR Part 606 - Blood GMP does not specifically consider economic fraud, counterfeit, or risks outside traditional operations. 2.3.5.2 Good Agricultural Practices (GAPS) The Good Agricultural Practices (GAPS) are global programs that are procedures, but not regulated (not law), in the United States (FDA, 1999; Food and Agriculture Organization of the United Nations, 2002). The GAPS focus on agricultural practices, such as farming of fresh produce, and include recommendations on traceback, packaging and filling sanitation, and cover other processing steps (CFSAN/F DA, 2001b; Food and Agriculture Organization of the United Nations, 2002; Smith, 1999). While the GAPS are outlined in great detail, they do not address or add to the Counterfeit Product Risk Model other than in their general concepts. 67 2.3.5.3 Hazard Analysis and Critical Control Point (HACCP) The Hazard Analysis and Critical Control Point (HACCP) procedure is widely adopted (CFSAN/FDA, 2001a). The HACCP program is covered under 21 CFR 120 (21 CFR 120, 2003; CF SAN/F DA, 2001a). The HACCP process includes a hazard analysis of critical control points that is based on seven principles (CF SAN/F DA, 2001a). Analyze hazards Identify critical control points Establish preventive measures with critical limits for each control point Establish procedures to monitor the critical control points Establish corrective actions to be taken when monitoring shows that a critical limit has not been met Establish procedures to verify that the system is working properly Establish effective recordkeeping to document the HACCP system A broad interpretation of the key points, at least as applied to the shipper or the retailer, shows that counterfeit food products could be included under the HACCP regulation (21 CFR 120, 2003). The written hazard analysis shall consist of at least the following: 1) Identification of food hazards; 2) An evaluation of each food hazard identified to determine if the hazard is reasonably likely to occur and thus, constitutes a food hazard that must be addressed in the HACCP plan. This evaluation shall include an assessment of the severity of the illness or injury if the food hazard occurs;. .. The regulations do not specifically outline an emerging risk assessment model and do not give guidance as to when a “hazard” should be included in a HACCP program (CFSAN/FDA, 2001a). Neither do the HACCP procedures address economic fraud or counterfeit products (Cook & Thurber, 2006). 68 2.3.5.4 Carver+Shock Risk Assessment The Carver+Shock (called “carver-shock” or “carver plus shock”) risk assessment method is used for reviewing intentional adulteration attack threats and for prioritizing responses that has been applied to the food sector by DHS and the FDA. This tool is a cornerstone of the DHS Food and Agriculture National Infrastructure Protection Plan (N IPP) (Department of Homeland Security, 2007). Specifically, the CARVER part of the process is a military tool developed for warfare that is now applied to terrorist threats, who attempt to shock society by the horror of their actions, thus the “+Shock” suffix (CFSAN/F DA, 2007a; Scandia National Laboratory, 2007). C.A.R.V.E.R. stands for: criticality, accessibility, recuperability, vulnerability, effect, and recognizability (Savada & Metz, 1999). “This is the only quantifiable tool I know of for the food industry,” Frank Busta, director of the National Center for Food Protection and Defense (Scandia National Laboratory, 2007). Scandia laboratories has developed a Carver+Shock software tool that is available on the FDA website. The tool surveys the user, and develops a detailed flow chart of the operation. Each variable is given a score, and the final score is based on the C,A,R,V,E,R, and S variables As with other methods, such as Mil-Std-882D, applying the Carver+Shock scales directly would bias the counterfeit product threat as a low priority. For example, the dollar losses equated with counterfeiting would typically fall in the “low” category in the Carver+Shock tool.. The “+Shock” considers health, psychological, and collateral national economic impacts” (CFSAN/F DA, 2007b). The lack of an intent to shock on the 69 part of the counterfeiters renders the “+Shock” aspect of the tool inapplicable to the economic fi'aud aspects of counterfeiting (see Table 5). Table 5. Carver+Shock Software Tool: Shock Scale Descriptions Shock Scale (1-10) Target has little historical, cultural, religious, or other symbolic importance. Loss of life 3-4 less than 100. Small impact on sensitive subpopulations, e.g., children or elderly. National economic impact between $100 million and $1 billion. Target has no historical, cultural, religious, or other symbolic importance. Loss of life 1-2 less than 10. No impact on sensitive subpopulations, e.g., children or elderly. National economic impact less than $100 million. For example, if the “+Shock” is used to review the Tylenol poisoning incident (the tampering of Tylenol with cyanide killed seven people and the costs were estimated at just below $1B (GlobalOptions Incorporated, 2003)), and it would score a 1-2 on the Carver+Shock tool regarding deaths and 3-4 regarding costs (Mitchell, 1989). Counterfeit product incidents—the melamine in pet food, the counterfeit branded toothpaste in dollar stores, and counterfeit Viagra—would all score a “+Shock” value of 1 -2. The process of scrutinizing each process step for vulnerability has application in evaluating the counterfeit threat, but since the tool is focused on attacks that have an intent to harm, and the focus in on national-level impacts, the Carver+Shock tool does not directly apply to pure economic fraud or to the counterfeit threat (CFSAN/F DA, 2007b; US Department of Agriculture, 2005). 2.3.5.5 Other Food-Related Terrorism Risk Models Many models have been developed for reviewing terrorist threats to the food industry in terms of deaths, dollars, and other attributes, or models that try to estimate the effectiveness of deterrent measures. Some of the models used are extensive and are 70 based on very complex mathematical equations to predict the outcomes (Bogen & Jones, 2006; Coffin, 2002; DHS, 2007; Ericson, 2006; Kosal, 2006; Willis & LaTourrette, 2008). These models are used to develop very broad estimates for entire industries or countries, not for specific products or companies. Another limitation, noted by several authors, is that the models include great uncertainty or variability, since they use many assumptions; are only valid against known scenarios; and apply to very general (non-specific) targets. Nevertheless, these quantitative models are necessary in evaluating programs, particularly when legislation or regulation is being considered. 2.3.5.6 FSIS/USDA Risk Analysis In this section, the food related risk analysis reports and models used by the United States Food Safety Inspection Service (F SIS) of the United States Department of Agriculture (USDA) will be reviewed to identify what is and is not applicable to economic fraud and the counterfeit threat. FSIS specifically covers the safety of meat, poultry, and egg products (Federal Bureau of Investigation, 2006). FSIS has a formal Risk Analysis program that focuses on the three traditional areas: Risk Assessment, Risk Management, and Risk Communication (F SIS/U SDA, 2003b). A key to the Counterfeit Product Risk Model is that FSIS hazard identification is assumed to already be completed and qualified. The assessments begin with a general operational risk management (ORM). FSIS states that risk assessment may be qualitative, semi-qualitative, or quantitative. The report also notes that qualitative assessments are used to review generalized risks and that they result in levels of risk such as high, medium, or low. 71 ”if? eighm @1101}; )‘c [530 F0110 R ,3 simmmm “Whit and W10130103: [kink Semi-quantitative assessments are used to “prioritize risks in relation to one another,” while quantitative assessments are used to identify and evaluate control points or the effectiveness of intervention strategies. Generally, the FSIS risk assessment begins with a step that clarifies the subject of the assessment, then evaluates adverse health effects, reviews the severity, and finally, constructs a dose response model (to determine the extent of the risk per dose of the hazard). Several examples of past FSIS risk assessments are: Salmonella enteritidis in eggs, E. coli 0157:H7 in ground beef, and Listeria monocytogenes in ready-to-eat meat and poultry products. Each of these published, formal risk assessments contained large data sets that were gathered in a laboratory setting and then had advanced statistical analysis applied to them (FSIS/USDA, 1998, 2003a, 2005). The fact that these reports were not classified, and other, detailed Department of Homeland Security National Infi’astructure Protection Plan (DHS NIPP) reports were, confirms the sensitivity of the economic fraud and food defense assessments. Following Risk Analysis, there is a review of Risk Management which involves evaluating policy decisions, and Risk Communication, which involves communicating to the public and other risk assessors. There are no published FSIS risk assessment methodologies that apply directly to the Counterfeit Product Risk Model. 2.3.5.7 CFSAN/FDA Risk Analysis The Center for Food Safety and Nutrition (CF SAN, referred to as “siff-san”) of the United States Food and Drug Administration (FDA) has risk analysis and risk assessment processes and procedures that are aligned with the USDA and with other US 72 docufi and international standards. The CF SAN overview was discussed in detail earlier in this document in explaining the basics of risk assessment, which included HACCP and GMP. As with the F SIS, most of the published risk assessment reports have very large data sets and contain predetermined hazard identifications. Hazard identification is conducted with a science- and risk-based approach, but it is usually done within groups that have security clearances (Spink, 2008). 2.3.6 Other Specific Examples 2.3.6.1 Example - Zurich Hazard Analysis (ZHA) The Zurich Hazard Analysis (ZHA) is a version of the traditional operational risk assessment (probability x severity matrix) used by the Zurich Insurance Group for the last 20 years. It is a proprietary application of the general risk assessment concepts: identification, assessment, evaluation, reduction measures, and a review of residual risk. Residual risk is the risk that remains after risk mitigation actions are taken. The ZHA includes a step for boundary definition of the total level of acceptable risk. The matrix then defines specific boundaries for acceptable/unacceptable risk levels (see Table 6). The insurance company and the client businesses determine the boundary conditions of acceptable and unacceptable. Mark Moorman, Vice President of Food Safety for the Kellogg Company, discussed the ZHA concept during a Seminar at the National Food Safety and Toxicology Center (NFSTC) at Michigan State University on June 13, 2007 (Moorman, 2007). 73 13bit it / / / 7: 52:31.. /c. S Table 6. Zurich Hazard Analysis Matrix of Severity versus Probability SEVERITY Critical 1 3 Probable 2 5 Occasional 4 6 Remote Improbable 12 15 E i i Note: this matrix includes a “Total Acceptance Risk Boundary Line” ZHA emphasizes using peer consultation or expert panels to review the validity of the assumptions and provide broad coverage of potential risks. The Zurich process is not widely noted in peer-review publications, but one article in the Journal of Biotechnology did discuss applications for it in biotechnology, and specifically, in biosafety. The article discussed the usefulness of the matrix with the boundary conditions (Popping, 2002). In addition, the United State’s Department of Labor, Occupational Safety & Health Administration Office (OSHA) has approved Zurich Hazard Analysis “. . .as an appropriate method for conducting the process hazard analysis which is required by 1910.1 l9(e)(2)” (Occupational Safety & Health Administration, 1995). The Animal and Plant Health Inspection Service (APHIS) of the United States Department of Agriculture (APHIS/ USDA) also recognized Zurich Hazard Analysis as a combination risk assessment tool, meaning that the tool utilized a combination of systematic steps to review and manage a risk (Charlton, 2004). 2.3.6.2 Example - MIL-STD-882D In Mil-Std-8 82D, there is a general reference to formal risk assessments and standards, but they usually only provided and outlined for the process and do not include either the details of selecting characteristics or the quantitative values of those 74 Chara” characteristics. The literature analysis and standards frequently emphasize the use of experts and the need to take their insights into consideration in order to adapt the risk assessment model for a specific situation. The Standard provides suggested mishap probability levels that are flexible, based on the specific system being analyzed (see Table 7). Table 7. Suggested Mishap Probability Levels for Specific Events and Occurrences in Mil Std 882D Description Level Specific Individual Item Fleet or Inventory Frequent A Likely to occur often in the life of an item, Continuously experienced with a probability of occurrence greater than 10"-1 in that life. Probable B Will occur several times in the life of an item, Will occur frequently. with a probability of occurrence less than 10"- 1 but greater than 10"-2 in that life. Occasional C Likely to occur some time in the life of an Will occur several times. item, with a probability of occurrence less than 10"-2 but greater than 10"-3 in that life. Remote D Unlikely but possible to occur in the life of an Unlikely, but can reasonably item, with a probability of occurrence less be expected to occur. than 10"-3 but greater than 10"-6 in that life. Improbable E So unlikely, it can be assumed occurrence Unlikely to occur, but may not be experienced, with a probability of occurrence less than 10"-6 in that life. possible. Note: table adapted fi'om: (Mil-Std-882D, 2000) With the Tylenol tampering example, a tampering did occur, and others have occurred. The product does have, and will continue to have, a “frequent” probability (Mitchell, 1989). The importance of calibrating the risk to the scale is clear. The use of a very small data set, combined with the concept that any and every product will get counterfeited somewhere in the world, could lead to defensibly picking any of the above descriptions without something like the Counterfeit Product Risk Model. The probability descriptions cover the life expectancy of the system, but the Standard offers flexibility in terms of “unit of time, events, population, items or activity.” 75 The Standard also notes that “Assigning a quantitative mishap probability to a potential design or procedural hazard is generally not possible early in the design process.” This includes situations where there is little data or understanding of the mishap risk. As long as the methodology is clearly defined, the Standard accommodates deriving a probability fi'om “research, analysis, and evaluation of historical safety data from similar systems.” The recommended severity categories and values are in Table 8: Table 8. Suggested Mishap Severity Categories in Mil Std 882D Description Category Environmental, Safety, Health Result Criteria Catastrophic I Could result in death, permanent total disability, loss exceeding $1M, or irreversible severe environmental damage that violates law or regulation. Critical 11 Could result in permanent partial disability, injuries or occupational illness that may result in hospitalization of at least three personnel, loss exceeding $200K but less than $1M, or reversible environmental damage causing a violation of law or regulation. Marginal III Could result in injury or occupational illness resulting in one or more lost work days(s), loss exceeding $10K but less than $200K, or rnitigatible environmental damage without violation of law or regulation where restoration activities can be accomplished. Negligible IV Could result in injury or illness not resulting in a lost work day, loss exceeding 82K but less than $10K, or minimal environmental damage not violating law or regulation. The importance of calibrating the Result Criteria to a specific risk is clear in cases since most counterfeiting occurs in the “exceeding $1 million” range (N aim, 2005) and thus, would always have a “Severity Description” of “Catastrophic.” Using the Tylenol case as an example (seven deaths and an estimated $1 billion in economic impact), the incident would have a severity rating of “I” (Catastrophic) whereas the Carver+Shock shock scale was a 3-4 out of 10. 76 655 (am 11 u 3:. A note is included with the original table that states “adaptation to a particular program is generally required to provide a mutual understanding between the program manager and the developer as to the meaning of the terms used in the category definitions” (Mil-Std-882D, 2000). Also, it is mentioned that other techniques for risk assessment may be more efficient. The Standard does not mandate exact following of the Standard. An example of the risk assessment matrix from the Standard is in Table 9. Table 9. Example of mishap risk assessment values in Mil Std 882D SEVERITY Catastrophic Critical Marginal Negligible >-‘ t: Frequent 1 3 7 13 d Probable 2 5 9 16 % Occasional 4 6 ll 18 8 Remote 8 10 14 19 sf Improbable 12 15 17 20 The mishap risk assessment values are grouped into mishap risk categories (Table 10). The definition or process used to define the categories is undefined in the standard. The mishap risk acceptance level indicates the title of the government official who would need to authorize accepting this risk in. Table 10. Example mishap risk categories and mishap risk acceptance levels Mishap Risk Assessment Mishap Risk Category Mishap Risk Acceptance Level Value 1-5 High Component Acquisition Executive 6-9 Serious Program Executive Officer 10-17 Medium Program Manager 18-20 Low As directed 77 -- 1...: the V3 It is important to know that there is no discussion or guidance in selecting either the values (1-5, 6-9, 10—17, 18-20) or the categories (high/serious/medium/low). The Mil-Std-882D is especially applicable to the Counterfeit Product Risk Model research because it is one of the most detailed and practical risk assessment guides. It is also an accepted standard procedure for regulatory agencies such as FDA and USDA. The FDA Combating Counterfeit Drug Task Force risk model development goals can be achieved through this Standard. The Standard can be used to explicitly identify where the Counterfeit Product Risk Model can add insight and value. 2.3.6.3 Example - Codex Alimentarius The Codex Alirnentarious Commission (Codex) operates between the Food and Agriculture Organization (F A0) of the United Nations (UN) and the World Health Organization (WHO), and is charged with global food safety initiatives, including global food standards. The Procedural Manual of the Commission specifically addresses risk analysis; and its concepts are parallel to other agencies such as the U.S. FDA. The Codex links components of risk assessment, risk management, and risk communication; stressing science-based and transparent analysis; and an emphasis on the separation of risk assessment and risk management to “ensure the scientific integrity of the risk assessmen ” (WHO, 2004). The Codex examines situations where “a risk to human health exists but scientific data are insufficient or incomplete” and that “the degree of uncertainty and variability in the available scientific information should be explicitly consider ” (WHO, 2004). In addition, “risk estimates may be qualitative or quantitative, but should be quantitative to the extent that is scientifically achievable” (WHO, 2004). 78 The Codex recommends, and offers discussions on, how to engage experts. As with most of the other standards or regulations, the Codex does not provide product specific or risk specific details that contribute to the detailed development of the Counterfeit Product Risk Model. 2.3.6.4 Example - FMEA Failure Modes and Effects Analysis (F MBA) is a quality control and risk analysis system with underlying risk assessment and management concepts that are very sound and insightful, although not suited to the all-encompassing counterfeit threat. FMEA is a widely used, pro-active quality tool that focuses on design improvements and physical failures (Kmenta & Ishii, 2000). The FMEA failure mode is defined here: Failure Mode - the manner in which a component, sub-system, or system could potentially fail to meet the design intent. The potential failure mode could also be the cause of a potential failure mode in a higher level subsystem, or system, or the effect of a lower level effect (Kmenta & Ishii, 2000). FMEA focuses on system performance by analyzing reliability, maintainability and safety (Onodera, 1997). FMEAS are most frequently used in early product development and then again in manufacturing (Onodera, 1997). The FMEA system is based on data gained from known recorded failures—in the lab and in the field— which leads to the efficient use of a probabilistic approach (probabilities based on historical data) (Kara-Zaitri, Keller et al., 1991). Other reports specifically identified FMEA in manufacturing operations, focusing on “the ways equipment can fail or be improperly operated,” with an emphasis on identifying the specific Single component that failed (Graver, 2001). FMEA is used to analyze “risk by identifying hazards and suggesting process design modifications” (Zambrano, Sublette et al., 2007). The FMEA emphasis 79 on monitoring recurring actions within a specific system is demonstrated in the abstract of the FMEA Reference manual, published by the Society of Automotive Engineers (SAE). Its focus is on “potential failure of a product/process” and identifying actions that could reduce or eliminate the failure (Society of Automotive Engineers (SAE), 2002). The key component of the F MBA is the Risk Priority Number (RPN), which is used to assess the risk using the three criteria of occurrence, severity, and detection. Detection focuses on identifying the failure before the customer receives the product. Detection specifically looks at the physical product’s development, manufacturing, and operations. FMEA is a widely used quality and risk assessment process that is event and data intense. It focuses on specific products and systems, so it does not directly apply to the Counterfeit Product Risk Model. 2.3.6.5 . Example - ISO Standards There are several International Organization for Standardization (ISO) standards that are related to counterfeiting, but none apply directly or provide detailed insight for the Counterfeit Product Risk Model (Branch, 2008). ISO Standards for Risk Of the one hundred and twenty active ISO Standards that include the term “risk” in the title or abstract, there is only one active standard and only one proposed standard that contribute to the Counterfeit Product Risk Model: “180/ IEC Guide 73, Risk Management — Vocabulary,” which covers twenty-nine standardized risk vocabulary terms (ISO, 2002, 2007b) and the pr0posed “ISO 31000 Enterprise Risk Management” which covers general guidelines for enterprise risk management (ISO, 2007a, 2008a). 80 ISO/ IEC Guide 73 covers risk management terminology that has been incorporated in the previous literature review (180, 2007b). ISO 31000 was under review at the time of writing, with a publication date projected for 2009 (Standards New Zeeland, 2008). The draft of “ISO 31010 Risk Management — Risk Assessment Guidelines,” which has not yet been released publically, will include a more formal guideline on assessment of risks than in ISO 31000 (ISO, 2008b). The Counterfeit Product Risk Model would fit under section “3.29 Risk Indices,” because the nature of the data or the emerging risk warrants using a qualitative or semi-qualitative comparative tool. The standard discusses breaking the risk down to its risk components (such as probability and severity) and to more detailed attributes. The standard discusses the use of qualitative (“such as high, medium, and low”), semi-quantitative or quantitative methods based on the “particular application, availability of reliable data and the decision making needs of the organization.” The standard also discusses applying mathematical formulas to scale the risk ranking. As with the other standards reviewed, there is great detail on how to manage the risk process, but little or no detail on when or how to evaluate whether an emerging risk should even enter the risk analysis process. These standards support the continuing definition and development of more formal risk analysis and enterprise risk management but they do not specifically address the counterfeit risk threat. ISO 14971 Medical Devices — Application of Risk Management ISO 14971, “Medical devices- Application of risk management to medical devices,” is another excellent and effective risk management standard that supports many 81 of the concepts in the Counterfeit Product Risk Model, but, as with the other standards, it does not offer the details necessary for building the risk assessment model. ISO 14971 is important to healthcare providers because it supports risk assessment for new equipment and procedures with an FMEA-type procedure (Christ, 2005; Dain, 2002). A key value of ISO 14971 is that it offers an “excellent structure for analyzing risk” and balances “the risk of being too risk averse” and the “the risk of being too risky” (Fotis & Bix, 2006). As with many of the other ISO type standards and processes, ISO 14971 was developed to reduce hazards and harm in specific system failures and for specific products in specific applications (Rudolph, 2003). To that end, roughly 80% of manufacturers use F MBA, to some extent, in order to implement ISO 14971 (Schmidt, 2004). F MBA is very effective at evaluating and controlling the manufacturing and operations processes, and a fault tree analysis is excellent for considering risks in handling (Schmidt, 2004). For the products covered by ISO 14971, this quality risk management approach is effective, in part, due to “huge amounts of data — data availability;” “data in separate, diverse systems;” “huge amounts of documentation;” “documentation to support submissions;” and “production records.” (Johanning & Dahlgaard, 2007). These attributes are in limited quantities or not available in product counterfeiting. “[In ISO 14971] risk analysis identifies potential foreseeable hazards derived fi'om product testing, complaints, adverse events, recalls, audit observations, and other product or process deviations that are involved with the use, misuse, or abuse of the product” (Smith, 2004). Much of the literature focuses on potential harm to humans or 82 hazards from products or product defects, or from user errors, and reasonably foreseeable misuse and abnormal use (Murphy, 2006). As with other standards, such as HACCP and GMP, it would be logical for those implementing ISO 14971 to consider the counterfeit risk in its hazard identification step. Once a specific type of counterfeiting is identified that has a specific risk, this specific risk could be evaluated using a fault tree analysis (or other method), and then by working backwards, processes or systems that would minimize the hazard or harm could be implemented (Clinton, 2008). ISO Standards for Security and Traceability The ISO standards that include “security” or “traceability” in their title or abstract, or that are noted in other literature as related to product counterfeiting, are (Branch, 2008): ISO 27000 Information Security Management Systems ISO 28000 Supply Chain Security Management ISO 22000 Food Safety and Security ISO 14000 Environmental Management & Security ISO 17799 Generic Information Security Standards for Computers and Information Technology These offer insights or perspectives on how risk models are used in other areas, but they do not contribute to the Counterfeit Product Risk Model. 2.3.6.6 ICH Q9 The International Conference on Harmonization (ICH) has created a quality standard, identified as Q9 (International Conference on Harmonization, 2005), and wide adoption of the quality standards that Specifically address risk management have occurred (Wechsler, 2007). The ICH has developed a range of programs—such as Q8, 9 “Pharmaceutical Development” and/or Q9 “Quality Risk Management’ —which have 83 been adopted by the EU, Japan, and the US (FDA) (CBER/FDA, 2006). The goal of ICH is to harmonize work processes and build off current regulations and industry practices such as GMPS and standards such as ISO 9000 (a quality management standard) (Martin, 2007). In combination, Q8 and Q9 focus on the overall pharmaceutical manufacturing process. A Q10 program is also underdevelopment which will directly link standards Q8 and Q9 (W echsler, 2007). The Q9 standard addresses risk management and specifically focuses on “risk- management principles applicable to drug development and manufacturing. It includes methods such as hazard analysis and critical control points, and failure-mode effects analysis [FMEA]” (Bush, 2005). The standard defines terms and includes conceptual risk models. The standard refers to quality risk management systems (QRM)—which is the traditional risk analysis of probability versus severity—to quantify an overall risk (W echsler, 2007). The ICH Q9 (and Q8 and Q10) build off of existing quality and risk management processes and best practices (International Conference on Harmonization, 2005). While the ICH standards do not mention counterfeit or economic fi'aud, one aspect of ICH Q9 that has an application to this research, is that it includes “detect-ability” in the formula with probability and severity. The key insight is that counterfeit products are detectable if there is a process to look for them and incorporates some component or method to actually identify the fakes. With the ICH Q9 focus on manufacturing and operation processes and risks, it includes many of the same excellent insights and limitations, of the other standards. However, they do not directly apply to the Counterfeit Product Risk Model. 84 2.3.6.7 Other Risk or Quality Programs Several other risk and quality programs or standards that have been reviewed in the analysis and design of the Counterfeit Risk Model are discussed in the following: The Preliminary Hazard Analysis (PHA) process considers “prior experience or knowledge of a hazard or failure to identify future hazards” and—although it is not specifically intended as a tool or model for counterfeiting—product counterfeiting could be included as a hazard (International Conference on Harmonization, 2005). The Hazard Operability Analysis (HAZOP) program focuses on design and operating deviations that lead to risk. There is no mention of counterfeiting or fraud. If the process were to be extended to suppliers or contract manufacturers, the counterfeit product risk could be incorporated into this process (International Conference on Harmonization, 2005). The Failure Mode, Efl”ects and Criticality Analysis (FMECA) is different than F MEA, since it includes more consideration of the severity of an event. As with FMEA, FMECA focuses on reducing risk through product design or manufacturing specifications. Product counterfeiting could be included as a potential source of failure or variation, but it is not a tool or model that directly applies to the Counterfeit Product Risk Model (International Conference on Harmonization, 2005). 2.3.7 Industry and Agency Reviews This information is included because many of the basic concepts could apply to the Counterfeit Product Risk Model. 85 2.3.7.1 Hurricane-Related Risk Assessment Hurricane-related risk assessment is covered in the Society for Risk Analysis Journal of Risk Analysis (Jain & Davidson, 2007). In this research a model of the wind risk to wood-flame houses was developed, in order to analyze how different building variables would affect direct economic loss. Variables included changes in building codes and population growth that were correlated to the relative strength of the hurricanes. To gauge the severity of the wind, historical storm data was used in a classical statistical Monte Carlo simulation to judge the risks. This analysis is possible (there is data on the winds in a hurricane) and logical (the winds act consistently) since it is based on specific atmospheric conditions. For the Counterfeit Product Risk Model, this article emphasizes the value of model development, even though there may be a very small sample size. It supports using qualitative estimates of probability. 2.3.7.2 Risk Assessment in Criminal Justice This overview of risk assessment in criminal justice was developed to investigate those aspects and tools that are applicable to the Counterfeit Product Risk Model. The academic discipline of Criminal Justice has incorporated risk prediction since the 1930’s, and has evolved fi'om the use of PAT (process analysis triangle of criminal] victim/ opportunity) to the more modern and more practical, Situational Crime Prevention work (Clarke, 1997). Other processes that have been developed include RAT (routine activity theory), rational choice, and SARA (Scanning, Analysis, Response and Assessment) (Center for Problem-Oriented Policing, 2006; Felson, 1998; Town, 2001 ). 86 Goldstein developed eleven basic elements behind problem-oriented policing that were referenced in Bullock, and that have applications in an anti-counterfeit strategy. These are basic steps in a Counterfeit Product Risk Model (Bullock & Tilley, 2003; Goldstein, 1979). Eleven ‘basic elements’ of ‘problem-oriented policing’ grouping incidents as problems focusing on substantive problems as the heart of policing effectiveness as the ultimate goal the need for systematic inquiry disaggregating and accurately labeling problems analysis of the multiple interests in problems capturing and critiquing the current response an uninhibited search for a tailor-made response adopting a proactive stance 0. strengthening the decision-making processes and increasing accountability 11. evaluating results of newly implemented responses ”99°99‘99pr In his book “Understanding Risk in Criminal Justice,” lKemshall discusses two criminal justice concepts which are applicable to the Counterfeit Product Risk Model (Kemshall, 2003). The first is that both first generation (subjective assessment, professional judgment, etc.) and second generation (systematic, empirically grounded, etc.) risk assessment tools should be used when reviewing the counterfeit threat (Kemshall, 2003). The second important concept examines how rational choice theory may apply to criminals and counterfeiters. For instance, by raising costs and lowering benefits, the economics of the opportunity can rationally deter criminals (Kemshall, 2003). A key application to the Counterfeit Product Risk Model is that while “Criminal Justice” uses extensive risk prediction, such as PAT and Situational Crime Prevention, there are no standardized, specifically focuses or precise tools. 87 Key findings of this research which are applicable to the overall anti-counterfeit strategy: Criminal “opportunities” will greatly increase because the value of the opportunities are increasing along with the criminals’ advancing manufacturing capabilities and increased technical skill, which they will continue to find ways to optimize. By definition, “pure risk” has no upside whereas “speculative risk” does, but the pure risk to the attacked retailer provides a possible positive speculative risk for the non- attacked retailers (Nader, 2002). For example, if the attacked product is a necessary consumable, such as infant formula, consumers will move to some other trusted retailer to satisfy this demand. As long as there is still an opportunity, the criminals are very adaptable (Kemshall, 2003). While it is important for retailers and manufacturers to support increased legislation and international enforcement, the immediate benefits are from actions to implement the keys of Situational Crime Prevention of ‘target hardening’ and ‘surveillance’ within their own companies (F elson & Clarke, 1997). 2.3.7.3 Review of Risk Assessment in US Forest Service Wildfire Danger Rating Level System (WFAS) This review of risk assessment in the US Forest Service Wildfire Danger Rating Level was done to determine if any of the aspects and tools are applicable to the Counterfeit Product Risk Model. In fact, this risk assessment system may actually be the most directly applicable to the Counterfeit Product Risk Model. The Wildfire Danger Rating Level is a successful, clear, and consumer-recognized danger rating system (US Forest Service, 2006). 88 The rating system is comprised of scientific measures, taken by assigned experts, that take into account current and “antecedent” weather (1 -10-100-1000 hour future weather or impact of the weather on the forest) (US Forest Service, 2006). The rating system normalizes rating classes across all environments and conditions. A Fire Potential Index (F PI) (Equation 1) is derived from the scientific measures in a formula, and is then applied, using an “adjective class rating” method. The rating appears to be randomly set at quadrants, but the input variables are weighted. For example, “The value 35(/ 100) is used as the lowest maximum percent green [there are higher color categories], even for arid areas of the West” (Burgan, 2006). The FMI formula is statistically reviewed and if the r"2 value for all years was 0.72, then the “correlation between the FPI and fire occurrence was very high” (Table 11 (Burgan, 2006). Table 11. Fire Danger Rating and Color Codes from the WFAS System Fire Danger Rating Color Code Approximate FPI Index (applied to percentages) (0 = no data) Low (L) Dark Green 1-20 Moderate (M) Light Green or Blue 21-50 High (H) Yellow 51-70 Very High (VH) Orange 71-90 Extreme (E) Red 91—100 FPI=(1-TNf)*(1- LR)*100 (1) Where equation [1] produces FPI values that can range from 0 to 100. The FPI will equal 0 when the TNf is 1 (the dead fuel moisture equals the moisture of extinction) or the LR value is 1 (the vegetation is firlly green). These circumstances do occur, but the FPI is limited to a minimum value of 1 so that areas outside the United States can be identified as the value 0 (no data). The FPI will attain a value of 100 if the LR is 0 (all the vegetation is cured) and the 10 hour time lag fuel moisture is at its minimum value of 2 percent. 89 Beyond the simple warning for citizens, the Fire Danger Rating is used to allocate funds, personnel and firefighting equipment (Burgan, 2006). The objective of the process is to attain 97-99% confidence that a “large” fire will be suppressed in 1 to 3 days. The key findings of this research which are applicable to the Counterfeit Product Risk Model are: 0 US Agencies and citizens are familiar with risk danger rating systems 0 The Danger Ratings are tied to some specific actions or procedures that are implemented when a rating changes 0 Reduction in variability and uncertainty in measurements (which would initiate changes in preparedness). The variables are scientifically derived and measured by trained experts. - A simple system of measurements and derivation can be extremely effective in predicting and managing specific risks—in fact, simple systems of derivation and output seem to be very effective. 0 As the danger rating experience and expertise grow, the system includes early warning signs that might lead to future risky conditions. In the case of fires, the change in vegetation over time (how much will the vegetation dry or moisten over 1- l 0-100-1 000 hours) is considered. a Once there is a large enough data set for statistically significant results, behaviors can be changed based on the application of classical statistical tools. 90 2.3.7.4 Airplane Birdstrikes The process for predicting the risk of birdstrikes to airplanes, exhibits many similarities to counterfeit risk prediction. This section is based on an article in the Journal of Risk Analysis published by the Society for Risk Analysts (Allan, 2006). Airplane birdstrike events are “not uncommon” (750 strikes in the UK per year) and the results are perceived to be costly, though quantitative cost estimates are not available in the public domain. This analysis converts quantitative measures (number of hits) into a qualitative probability judgment of low/med/high, then applies the probability data to the probability x severity matrix to arrive at a final, overall qualitative risk assessment (Allan, 2006). A particular focus of this analysis is to assist efficient risk mitigation, by helping to evaluate the actions that will provide the greatest benefit. This process is being used in the United States, Canada, Australia, and New Zealand. The application to the Counterfeit Product Risk Model derives fi'om its use of the probability x severity matrix, and use of qualitative measures of probability for small data set analysis. 2.3.7.5 US Government Accountability Office (GAO) Reports The US Government Accountability Office (GAO, before 2004 known as the US General Accounting Office) conducts investigations and research to answer questions posed by other government agencies. One such report is “RISK MANAGEMENT - Strengthening the Use of Risk Management Principles in Homeland Security” (United States Government Accountability Office, 2008b). 91 Topics related to the Counterfeit Product Risk Model have been reviewed, such as risk management, intellectual property rights, economic fraud, food safety, terrorism and even counterfeit product in use in nuclear facilities. The most applicable reports are listed here (listed by most recent data): 1) 2) 3) 4) 5) 6) 7) 8) 9) RISK MANAGEMENT - Strengthening the Use of Risk Management Principles in Homeland Security, United States Government Accountability Office (GAO), GAO-08-904T, June 25, 2008 INTELLECTUAL PROPERTY, Federal Enforcement Has Generally Increased, but Assessing Performance Could Strengthen Law Enforcement Efforts, United States Government Accountability Office (GAO), GAO-08-157 March 2008, INTELLECTUAL PROPERTY - Risk and Enforcement Challenges, Statement of Loren Yager, Director International Affairs and Trade, United States Government Accountability Office (GAO), GAO-08-177T, October 18, 2007 FEDERAL OVERSIGHT OF FOOD SAFETY - High-Risk Designation Can Bring Attention to Limitations in the Govemment’s Food Recall Programs, Statement of Lisa Shames, Acting Director Natural Resources and Environment, Testimony, United States Government Accountability Office (GAO),Tuesday, April 24, 2007 INTELLECTUAL PROPERTY - Better Data Analysis and Integration Could Help U.S. Customs and Border Protection Improve Border Enforcement Efforts, United States Government Accountability Office (GAO), GAO-07-735, April 2007 INTELLECTUAL PROPERTY - Initial Observations on the STOP Initiative and U.S. Border Efforts to Reduce Piracy, Statement of Loren Yager, Director International Affairs and Trade, United States Government Accountability Office (GAO), GAO-06-1004T, July 26, 2006 INTELLECTUAL PROPERTY - U.S. Efforts have Contributed to Strengthened Laws Overseas, but Significant Enforcement Challenges Remain, Statement of Loren Yager, Director, International Affairs and Trade, United States Government Accountability Office (GAO), GAO-05-788T, June 14, 2005 INTERNET PHARMACIES - Some Pose Safety Risks for Consumers, US Government Accountability Office (GAO), GAO-04-820, June 2004 CIGARETTE SMUGGLING - Federal Law Enforcement Efforts and Seizures Increasing, United States General Accounting Office (GAO), GAO-04-641, May 2004 92 10) FRUIT JUICE ADULTERATION: Detection Is Difficult, and Enhanced Efforts Would Be Costly, United States General Accounting Office, GAO GAO/RCED- 96-18 November 1995 11) NUCLEAR SAFETY AND HEALTH, Counterfeit and Substandard Products Are a Government-wide Concern, Nuclear Safety and Health (GAO/RCED-91-6 Counterfeit and Substandard Products), United States General Accounting Office (GAO), October 1990 Although the reports offer insight and direction in assessing the counterfeit threat, the reports do not define models or tools, so there is no direct contribution to the Counterfeit Product Risk Model. 2.3.7.6 Value At Risk (V aR) The banking and capital management industry concept of “Value at Risk” applies to the Counterfeit Product Risk Model. This section is based on the book “Risk and Bank Capital Management” by Francesco Saita (2007) (Saita, 2007). Value at Risk (V aR) is the amount of a corporation’s value, in terms of actual dollars, that is at risk during normal business operations, such as the loss on a sale of an investment or a bad loan. A critical limitation of VaR—both for this industry and for anti-counterfeit strategy—is that it does not include other losses, such as brand equity, civil liability, etc. Nevertheless, VaR does include risk management concepts that clearly apply to the Counterfeit Product Risk Model. To compare risks corporation-wide, the risks need to be able to be compared in the same way; in a harmonized risk system. Most risk management actions require financial expenditures, and analysis should be presented in those terms. When applied to new or emerging risks, there is a known difficulty in deciding what risk to consider in the first place, how to calculate these risks, and how to aggregate them to a corporate-wide level. “In summary, while risk measurement may be considered a science, risk 93 management, capital management, and capital allocation remain largely a blend of science, experience, and art” (Saita, 2007). VaR focuses on operational risk and the inclusion of “external events” in the analysis applies to the counterfeit risk. “Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk” (Saita, 2007). In measuring the risk, as with other systems, there is an emphasis on achieving quantitative measures. Scenario analysis is recommended as a way to begin to understand, map, and start to quantify these new risks, using the probability versus severity matrix. The early steps of model development or risk management should be made based on historical experience, if available and reliable, and then correlated with expert opinion. Scenario analysis is used to develop forward-looking risk models in an effort to learn about the underlying processes that lead to the risk. The forward-looking processes use key risk indicators (KRIS) to identify and anticipate potential risks. There are several key attributes of KRIS that apply to the Counterfeit Product Risk Model (Saita, 2007): 1) strongly related to the frequency and/or severity of critical operational 2) highrsedundant [the risk should only be counted once], 3) as measureable and easy to monitor as possible, and 4) auditable, i.e. subject to easy verification. Many authors and articles support the view that VaR is limited for considering extreme events (‘tail risk’ or ‘fat tail’ events—extreme events that are very infrequent but have potentially very high impact) in the calculation (Quaranta & Zaffaroni, 2008; Tibiletti, 2008; Wang, Chaudhury et al., 2008). Hallerbach (2004) discusses 94 “decomposing downside risk into components that are attributable to each of the underlying risk factors” (Hallerbach & Menkveld, 2004). In Duffie & Pan (1997), a “lognorrnality assumption” is presented, which emphasizes unaccounted-for risk when assuming the reality will match the expected prediction of activity. The bank and capital management risk management concept of Value at Risk has many insights valuable to the Counterfeit Product Risk Model: There is an acceptance that hazard identification has already occurred; the risk is already identified and considered important enough to run through the risk management process. This is a recognized gap in many of the risk management models and processes. An interesting insight is that some risks seem to be so rare that risk mitigation (trying to reduce the frequency or severity) steps are difficult or impossible to quantify, so risk management moves fiom mitigation to acceptance. Scenario development is valuable in forward-looking models for new or emerging risks. The risks should be quantified in terms that can be harmonized in corporate-wide risk management systems; in this case, to facilitate the effective allocation of capital. The beginning steps of risk management are as much science as art. The first step in quantifying a new or emerging risk is to map the underlying operational processes that lead to the risk, and to begin to develop the frequency (probability) and severity estimates. Risk management should be based on historical experience, if reliable and available, and correlated with expert collaboration. 95 2.3.8 Risk Model Research Summary The options for conducting risk assessment are vast. A close review of actual risk assessment models, including the standards that are in place, demonstrates that the operational risk management (ORM) or “probability versus severity” matrix is commonly recommended and used. Most of the models and processes use some quantitative measures but end up using qualitative statements of probability, severity, or of overall risk. The range of models or processes that were defined usually breakdown an overall risk into a series of mutually exclusive, comprehensively exhaustive (MECE) factors. Some models or processes break the main factors down to more detailed sub-factors. In other models, there is already a more detailed analysis that could be considered sub-factors. Although there are many aspects of models or processes that could contribute to some aspects of the Counterfeit Product Risk Model, the literature analysis and report review did not identify any directly applicable models. 96 3.0 MODEL DEVELOPMENT This section covers the methods used to develop the Counterfeit Product Risk Model, the series of propositions that was presented to an expert panel of industry experts, and an industry survey that was presented to industry professionals to review current industry actions and trends. The propositions and the model concepts were tested in the Expert Panel Survey (Chapter ##) and a practical example of the use of the model is included in the Case Study (Chapter 5). 3.1 Model Overview Before presenting the Specific Counterfeit Product Risk Model details, an overview is provided here. The model focuses on the probability portion of the general probability versus severity matrix. The probability is based on a series of five factors which, in turn, are based on a series of three (or more) sub-factors. The five factors are proposed to be used with all counterfeit products, whereas the sub-factors are to be developed for the specific products being reviewed. Figure 3 is an overview of the Counterfeit Product Risk Model. The overview shows how the sub-factor derivation leads to the ranking of the sub-factors, which feeds up to the ranking of the factors, which finally feeds into the overall ranking of probability. The Counterfeit Product Risk Model uses a cascading approach to derive the sub-factors, which cascade up to the factors, which cascade up to the overall risk rank. Vice versa, by cascading down from the overall risk rank to ever increasing orders of detail can facilitate understanding between the parties developing or using the information. This concept is similar to the model cascading approach discussed by 97 Hovvick (2008) in “Building confidence in models for multiple audiences: The modeling cascade.”. Counterfeit Product Risk Model: Overall Risk Rank 1 r ! I fiL Counterfeit Counterfeit Counterfeit Counterfeit Market History Ability Attractiveness Hurdles Profile Sub-Factors Sub-Factors Sub-Factors Sub-Factors Sub-F actors I 1 1 1 1 2 2 2 2 2 3 3 3 3 3 l l ! Sub-Factor 3 Derivation Sub-Factor 2 Derivation Sub-Factor 1 Derivation Define how the rating Define how the rating Define how the rating was derived was derived was derived Figure 3. Counterfeit Product Risk Model Overview Howick emphasizes the cascading model building process, specifically called the four stage reversible cascade, as being transparent, auditable, and clear. The cascading Process has many advantages such as: achieving comprehensiveness, developing organizational learning, testing the veracity of multiple perspectives, modeling transparency, achieving common understanding across many audiences and promoting conficlence in the [organization’s understanding of all the risks included in] models” (HOWick, Eden et al., 2008). I-lowick’s model uses a series of steps to convert “natural language to numerical Sin“nation and back again.” Essentially taking real world risk attributes, and through 8 e"’Sfi‘al steps, compounding the concepts to a single model. 98 3.2 Research Introduction The Counterfeit Product Risk Model was developed using literature sources, agency report reviews, and extensive peer consultations with industry, agencies, associations, and other academics. The literature supports this early engagement of experts, formally called “peer input” or “peer consultation” (Patterson, Meek et al., 2007). The Model has been presented and/or discussed with the members of a wide range of groups including: Michigan Department of Agriculture (MDA), National Center for Food Protection and Defense (N CFPD), International Association of Packaging Research Institutes (IAPRI), Society for Risk Analysis (SRA), International Association for Food Protection (IAF P), International Authentication Association (1AA), American Society of Industrial Security (ASIS), and others. Prediction of counterfeiting risk is such that classical statistical models or formulas are not effective. For theoretical purposes, formulas are often developed to gain general insight on how entire systems function, but that work is not useful in developing a specific product Counterfeit Product Risk Model. If classical statistical models or formulas were used, the heuristic (derived from personal experience rather than actual data) nature of the root data would lead to either the impression of excessive precision or confidence intervals so wide that the outcome would be unusable for specific risk management decisions. During the literature analysis and in discussion with the industry and agencies, it became clear that there was very limited public information related to counterfeit risk, or even the very first steps of hazard identification, a critical part of a counterfeit risk assessment. This insight led to a modification of the original research concept, in a way 99 that led to the development of a more fundamental propositions that would assist future researchers in more detailed, product, or industry specific risk assessments (C-STAT, 2008c). Propositions are word descriptions of the underlying premises of the concepts rather than formulas (F eys & Fitch, 1969; Hazewinkel, 1988). Thus, basic propositions were developed through literature and report review, and peer consultation. A proposition is a preliminary step in the creation of a more formal research project or hypothesis (Cramer & Howitt, 2004; Eisenreich & Sube, 1982; Weisstein, 2003). Propositions are usually very basic in nature and reference scholarly sources. The series of propositions that were developed were used to create the experimental design for this research. Propositions are often included as preliminary work before formal hypothesis are developed (Cramer & Howitt, 2004; Eisenreich & Sube, 1982; F eys & Fitch, 1969; Weisstein, 2003). Very often, propositions are used in series, with each proposition building on the previous propositions (Karush & Tarcov, 1989) The propositions were supported by a series of comments referred to in this research as a “Strategy Statement.” These propositions, and their supporting “Strategy Statements,” were developed to methodically review seminal concepts in the development of the Counterfeit Product Risk Model. 3.3 Propositions 3.3.1 Proposition 1 Proposition 1 — The probability versus severity matrix is a logical starting point for the Counterfeit Product Risk Model. 100 Concept Statement 1-1: A model was developed, and supported, using the probability versus severity matrix that is in use by the FDA and others (Figure 4). These points support the Concept Statement. Probability Medium Very High Low Very Low High Very High High Medium Low Very Low Figure 4. Example of Probability versus Severity Matrix 0 Several models were found in the literature but were not supported by scholarly research. The most applicable model was the FDA’s Operational Risk Management (ORM) model and the associated risk matrix. This is identical, in principle, to the Zurich Hazard Analysis concept (Moorman, 2007). o The operational risk tools (e.g. ANSI, ISO, EU, Mil-Std, etc.) are excellent process for setting up the model but do not have scholarly support and do not provide any guidance relative to counterfeit risk. 0 Classical statistical tools cannot be applied to the counterfeit concept at the hazard identification stage, since the data sets are small and/or incomplete (though statistical tools can be applied to incomplete or non-inclusive data sets for a theoretical exercise) (Claycamp, 2006; Jablonowski, 1996). 101 The literature frequently reinforces the concept that the model developer must understand what decisions will be made with the model, the resources available and who will be using the model. Concept Statement 1-2: The use of qualitative ranking in the model was supported by the following points. The operational risk management models use qualitative characteristics (introduced in Section 2.2) such as high/medium/low (Buchanan, 2007). The model development procedures recommend a simple format for early hazard identification, using the available data and for ease of use (increasing the chance they will be used). There has been support over many years of using “value” words rather than numbers for communicating risk (F eys & Fitch, 1969; Hazewinkel, 1988; Zambrano, Sublette et al., 2007). If the factors or sub-factors were ranked or weighted quantitatively, the heuristic nature of the decisions, or the incomplete nature of the data could lead to what the USDA has called “excessive precision” (Hassenzahl, 2006; Pittinger, Brennan et al., 2003). The literature included methods using three to nine value word categories. For counterfeit product research, the extreme tails of the data were defined as very low and very high, to represent close to the 0% and 100% extremes. For counterfeiting and diversion, there is always some possibility that an event will or will not occur. Using high/medium/low is very common, and with the counterfeit risk, it is important to emphasize that there is always a risk for the extremes (very small but not 0% and very 102 large but not 100%), so very high and very low were included. To cover two extreme tails and a common center of high/medium/low, it was most appropriate for the Counterfeit Product Risk Model to evenly cover the range with five risk rankings from very high (VH), high (H), medium (M), low (L), and very low (V L). The specific risk ranking (VH, H, M, L, VL) values for the qualitative measures (dollars of loss, number of injuries, etc.) are to be defined by the users of the model. Further breakdown of the risk rankings was not efficient given the uncertainty of the data and the heuristic nature of the risk categorization. Also, there is no consistent method to determine the break points between the qualitative categories. Concept Statement 1-3: No other models or processes were found that better supported the research goal, including Value-At-Risk (financial) to the Forest Service Wildfire Danger Rating System, including the FDA Operational Risk Management and Carver+Shock models. The following supports the Concept Statement. 0 While Value-At-Risk has many concepts that can be applied to the Counterfeit Product Risk Model, a critical limitation is the explicit focus on clearly quantifiable financial loss fi’om a risk position. The concept does not consider tangent exposure such as brand equity or civil litigation. 0 The FDA Carver+Shock model is commonly used in food defense risk assessment research (CFSAN/F DA, 2007a). Carver+Shock does not directly apply to the Counterfeit Product Risk Model since it was built on the premise that there is a malicious intent, or more specifically, intent to cause shock or terror. The counterfeiter, on the other hand, is seeking economic gain rather than causing a physical attack—the public health threat is through negligence. 103 0 Many other models are used in risk assessment. A list of those specifically reviewed are as follows: 0 FDA: ORM, Carver, Carver+Shock 0 Food Industry: HACCP, GAP, GMP, ALERT, FSIS/CF SAN, Codex Alimentarius/ UN-FAO, etc. 0 Operational Risk: Mil-Std-882D, ANSI B11 TR3, 18014121, EN1050, etc. 0 Others: Zurich/ Kellogg’s, airplane bird strike, hurricane building codes, CJ/ situational crime prevention, Forest Service Wildfire Danger Rating level system, etc. Concept Statement 1-4: The focus on only the probability portion of the risk matrix was supported by the following points (see figure 4). These points support the Concept Statement. 0 Peer consultation supports that a detailed review of the probability part of the probability versus severity matrix would help the risk assessment process. 0 Severity is calibrated using an organization’s own, unique, risks. For example, the severity of failure events would be quite different for a writing pen product and an airplane part company. 3.3.2 Proposition 2A Proposition 2A — It is logical to break down the overall Counterfeit Product Risk Model to a mutually-exclusive, comprehensively exhaustive set of factors. 104 Concept Statement 2A-1: The use of mutually-exclusive and comprehensively- exhaustive factors was supported by the following points. This point supports the Concept Statement. 0 The previously covered peer consultation and the literature review supported dividing the factors into groups that were mutually-exclusive (characteristics clearly fall into one factor) and comprehensively exhaustive (all major factors are included). 3.3.3 Proposition 2B Proposition 28 — It is logical to use these factors in the Counterfeit Product Risk Model: Counterfeit-History, Counterfeit-A bility, Counterfeit-A ttractiveness, Counterfeit-Hurdles, and Marketing Profile. Past evidence of counterfeiting or diversion is the most accurate predictor of future counterfeiting or diversion (deKieffer, 2006b; FDA, 2004; INTERPOL, 2007; WHO, 2007b). Data confirming that the product has been counterfeited is evidence that the product has been counterfeited, but no record of counterfeiting is not evidence that the product is not counterfeited (deKieffer, 2006b; Liang, 2006). Thus, in following the logic outlined in the FDA Combating Counterfeit Drugs report (as well as other such as the WHO and COE) (Council of Europe, 2006; FDA, 2004), this model expands from the known infiingements to additional root factors. Other root factors were reviewed in the literature. The five root factors (above) were chosen to cover the full range of counterfeit issues. 105 Concept Statement ZB-l: Factors beyond the known infiingements (counterfeit and diversion) will be included to provide more detail in the model. These points support the Concept Statement. 0 This model considers the known infiingements and beyond to examine additional root risk factors. This step is important in ranking risks within a group of known counterfeited products or to rank a new product versus a known counterfeited product. The top predictor of a counterfeit or diversion risk is past evidence of the risk. Knowledge of past infringement is included as a predictor in the FDA Combating Counterfeit Drugs report (FDA, 2004) and in the FDA (food) Carver+Shock risk modeling software questionnaire (CFSAN/FDA, 2007a). 0 To enable additional flexibility, the model can be used without the known counterfeiting or diversion factor for a product or a product category. This is effective if a sample of products may include some that have known infiingements and others that do not have evidence of known infiingements — if known infiingements were included as a factor, the known infiingement products would always score a higher Counterfeit Product Risk Model. Concept Statement 2B—2: The full range of factors includes: Counterfeit-History, Counterfeit-Ability, Counterfeit-Attractiveness, Counterfeit-Hurdles, and Market Profile. These points support the Concept Statement. 0 This research has resulted in two sets of root factors that are intended to cover the full range of factors (mutually exclusive and collectively exhaustive) that lead to a counterfeit risk. 106 0 Known infiingements - past history of counterfeiting or diversion of the product or the product category (same type of product but another brand) 0 Root factors — specific for the product and supply chain - The root factors are: 0 Counterfeit-History (history of counterfeit or diversion) O Counterfeit-Ability (easy to copy, easy to dupe the consumer or customs) O Counterfeit-Attractiveness (value to volume ratio, profitability per unit) 0 Counterfeit-Hurdles (security, countermeasures) 0 Market Profile (for example, the consumer demographics and psychographics, legitimate supply chain, illicit supply chain, use of contract manufacturers, sales process, etc.) - The characteristics of the product and supply chain (authorized repackaging, internet sales, secondary wholesalers, consumers seeking non-deceptive counterfeits, etc.) are included in the Market Profile root factor. 3 -3 -4 Proposition 2C Proposition 2c — It is logical to use a mathematical summary fimction to total the sub- factors into one overall factor value, or several factors to one overall probability value. Each matrix includes a “Summary Function” (for example, A+B+C+D=D) which enables the multiple factors to be totaled into one overall value. The weighting of the factors should be determined by the specific user since each set of factors is potentially uni 9‘13 for each product, company, and industry. In the “Function to Summarize to Total” in Figure 5, the variable a represents th e probability rank (V H, H, M, L, VL) of the first factor (1. Counterfeit-History), and so 107 on for variables “B” to “E.” Variable “F” is the probability rank for the “Total Rank,” which was the average of the probability rank of the five factors. The “Function to Summarize to Total” formula, weighting, and “Total Rank” are detertnined by an Expert Panel. Considering the previous review of the nature of the data and the warnings about keeping the analysis useable for the modelers, using this manual (heuristic) process is supported, and preferable for few experiments. The formula can use common spreadsheet “Logic Function” combined with a “Matching Text” function to automate the “Total Rank.” For example, the logic function earl identify the rank (since the “X” would be in one of the VH, H, M, L, VL categories) and feed that into the formula as a binary number (0, 1). An example of using the automated, mathematical model based “Total Rank” derivation is included in Appendix E - The process for developing the Summary Function should be generated by an exPert panel, and the process documented. Each factor was defined by factor specific Sub— factors which are presented in Figure 5. Probability Very . . Very Hi ! High Medrtun Low Low TOtal Rank x W Function (for example) L A+B+C+D+E=F ] l - /C\°untcrfcit-History X 2 - 3 Counterfeit-Ability x 4 ‘ Counterfeit-Amctiveness x I S ‘ :Ollnterfeit-Hurdles X \ Ial‘ket Profile X Flgu re 5. Example of Factors Defining Probability for the Overall Counterfeit Risk 108 Concept Statement 2C-1: It was logical to use a mathematical summary function to total the risk to one rank These points support the Concept Statement. - Each matrix includes a “Function to Summarize to Total” (for example, A+B+C+D=E) which enables the multiple factors to be summarized into one rank. It was recommended that this function be determined by the specific user since each set of factors was potentially unique for each product, company, and industry. - The process for developing the Summary Function should be generated by an expert panel, and the process documented. Each factor was defined by factor specific sub-factors which are covered next. 3 -3 - 5 Proposition 3 Proposition 3 — It is logical to define each factor as a group ofsub-factors, and to define th 6 root factors by data or reference. To provide additional insight on the factors, it is logical to break them down to sub— factors (Figure 6). As was stated in Section 2.1 above, it was not efficient or efi‘ectiVe to identify common sub-factors that would cover all counterfeit products. The sub.- faCtors are to be identified and ranked by an expert panel by the users of the model. To insure process transparency, the derivation of the sub-factor ranks should be supported by references to reports or data, or at least expert opinion. W The root factors are broken down into three (or more) Sub‘ faCtors, to further define the risk. Due to the many potential variables, it was not efli Ci ent to identify sub-factors that are specific to all products and supply chains. For S a1lalysis, the formula A+B+D=D considers the risk rank for Sub-Factor 5.1 (a), Sub- 109 Factor 5.2 (b), and Sub-factor 5.3 (c) to determine the Total Rank for the Factor 5. Market Profile. In this example, the Total Rank was “Medium.” The following support the Concept Statement. a. Breaking the concept down to smaller and more precise pieces leads to a greater understanding of the underlying drivers. 0 Due to the nature of specific products, categories and distribution systems, it was not efficient to standardize sub-factors for the overall Counterfeit Product Risk Model. This states that it is valuable to see the detail of a completed CPRM analysis but not to standardize the sub-factors in the general model. 0 Published literature and reports (Chapter 1) recommend that expert panels be assembled to identify the pertinent sub-factors. - This process should be simple, efficient, and effective in the hazard identification stage of risk assessment. Factor 5. Market Profile ¥ Very High High Medium Low Very Low I Total Rank X ¥ ‘ Summary Function (for example) I A+B+C=D S - 1 Contract Manufacturing X 5 - 2 S ingle Distributors per Country X 5 - 3 Re-Furbished Market X Fis ub‘factors list for example) gun-e 6- Example of the Sub-Factor Derivation of the Market Profile Factor Concept Statement 3-2: It was recommended that the sub-factor ratings be d - Lved through a quantitative matrix (Figure 7). Each number will be referenced to a (lat a Set or at least to expert opinion of how the rank was established. This makes the 110 h 32 ard identification stage of risk assessment process efficient and effective. These points support the Concept Statement. - To develop a rank of the sub-factors, a data table was created. «- Due to the nature of specific products, categories and distribution systems, it was not efficient to standardize this content for all products. This states again that it is valuable to see the detail of a completed CPRM analysis but not to standardize the sub-factors in the general model. - It was recommended that an expert panel be assembled to identify the sub-factors and to derive the ranking of the sub-factors. Factor 5. Marketing/ Sub-Factor 5.3 - Re-Furbished Market Very High High Medium Low Very Low LTotal Rank X S um mary Function (for example) =B Rank Reference/ comment Very High 1000 Units Per report A High 100 Units Per report A Probability Medium 10 Units X Per report A Low 1 Unit Per report A Very Low 0.1 Unit Per report A Figure 7. Example of Sub-Factor Derivation, with Data of the Market Profile Subfactor 5.3 An expert panel should be used to complete the spreadsheet that is shown (Figure 7) illcluded, and to feed (also referred to as a “roll-up” or “cascade” (Howick, Eden et al., 200 8 )) the results up to the previous spreadsheets (Figure 5 and Figure 6) to build to the overall Counterfeit Product Risk Model. For this analysis, the formula a=b considers the ri Sk rank for the derivation of Sub-factor 5.3 (c), and directly enters that rank as the Total Ra h k for the Sub-Factor 5.3. In this example, the Total Rank is “Medium.” 111 3-4 Model Development Summary This Chapter covered the Counterfeit Product Risk Model development, including a scri es of propositions that helped shape each step of the development. The root concepts of anti-counterfeit strategy, risk analysis and risk models were covered in the prcvi ous Research Analysis Chapter. 112 4 - (l EXPERT SURVEY 4 - 1 Methods — Expert Survey An expert panel was presented with a survey to obtain feedback and insight on the Counterfeit Product Risk Model. The expert panel was selected to represent a wide range of industries, products, functional groups, company sizes, and levels in the organizations. The Expert Panel Survey was conducted in one of three ways, face-to-face, on a conference call, or with the rater reading the PowerPoint and answering the Word document survey. In each survey, a five-slide executive summary PowerPoint was presented to the subjects prior to the survey being answered. The expert panel was selected specifically to provide broad-industry and high- level executive insight on anti-counterfeit strategy and risk assessment. A sample size of thirty (30) was proposed (thirty-three were actually used) since this number would not allow a few surveys to skew the overall results (C-STAT, 2008b). The propositions were originally developed through a review of literature and With peer consultations. The survey was designed to insure that the propositions of the model were logical. The survey utilized bivariate (yes/no, agree/disagree) responses. A scaling method such as a Lippert Scale (e.g. rate agreement from “1 strongly agree to 5 strongly d' . . 1S'f‘lgl‘ee”) was not used srnce the survey intent was to define only strong agreement or s tl‘ong disagreement. By forcing strong agreement or strong disagreement, the intent of the S‘ll‘vey was to motivate more extensive comments. The comments by the diverse and 113 expert panel would be very valuable to the nuance of the propositions and of counterfeit risk assessment. The use of “it is logical to...” in the survey questions was selected to even further challenge the Expert Panel with such a definitive phrase. As with choosing the extreme bival'iate responses versus a Lippert Scale, the intent of the survey was to motivate more extensive comments. A less definitive description, such as “acceptable,” may not have forced the high-involvement and self-assessed expert panelists to state a certain position of strong agreement or strong disagreement. Since the group consisted of senior personnel who are very involved in risk or anti-counterfeit strategy (as is evidenced in the assessment of expertise question summarized in Table 16) there was no apprehension that tlle expert survey participants would be influenced to agreeing with “it is logical”. This section presents the survey (Figure 8). 114 urvey Question 1 — Subject Classification 8) Title: C / VP / Dir / Mgr Industry: Food / Pharmaceutical / Financial / Ins / Law / Retail / Assn / Academic/ Other b) S ize Revenue: +353 / 1-513 / lOOM-lB / lO-IOOM / -lOM SurVey Question 2 — Subject Expertise Please rank your level of familiarity or expertise in these areas on a scale of 1—5, with 1 being low . and 5 being high. N/A can be used for not applicable. - Each survey member was selected for specific expertise in areas that contribute to the research. . FOCUS AREA (SURVEYOR SELF-ASSESSMENT) (5 is high) a) RJsk, Risk Assessment, and Risk Models (1,2,3,4,5) 1;) Insurance, Financial, or Legal Risk Management (1,2,3,4,5) c) Food, Product or Asset Brand or Packaging Management (1 ,2,3,4,5) d) Food, Product or Asset Protection (1,2,3 ,4,5) 6) Food, Product, or Asset Law (1,2,3 ,4,5) f) Corporate Security (1,2,3,4,5) g) Anti-Counterfeit Strategy and/ or Risk Models (1 ,2,3,4,5) Survey Question 3 - Proposition 1 - Assess Type of Model a) The probability versus severity matrix, using qualitative ranks, and focusing on the probability portion is a logical starting point for the Counterfeit Product Risk Model. (agree, disagree, comments) b) Are there any other references or examples that would support this “assess the type of model” development? c) Are there any additional comments, thoughts, suggestions, or questions that we should consider? Survey Question 4 — Proposition 2a — MECE Factors It is logical to break down the overall Counterfeit Product Risk Model to a mutually-exclusive, 3) . comprehensively exhaustive (MECE) set of factors. (agree, disagree, comments) b) Are there any other references or examples that would support this development? C) Are there any additional comments, droughts, suggestions, or questions that we should consider Survey Question 5 — Proposition 2b - Specific Factors a) For the factors, it is logical to use: Counterfeit-History, Counterfeit-Ability, Counterfeit- Attractiveness, Counterfeit-Hurdles, and Market Profile. (agree, disagree, comments) 1") Are there any other references or examples that would support this development? C) Are there any additional comments, thoughts, suggestions, or questions that we should consider \ Survey Question 6 — Proposition 2c — Summary Function a) It_ is logical to use a mathematical summary function to summarize the risk to one rank. (agree, b) d lsagree, comments) c) Are there any other references or examples that would support this development? Are there any additional comments, thoughts, suggestions, or questions that we should consider S:- h , a) e): Question 7 - Proposition 3 — Sub-Factors It IS logical to define each factor in light of sub-factors, and to define the root factors by data or b) reference comments. (agree, disagree, comments) .3) Are there any other references or examples that would support this “model building” development? Are there any additional comments, thoughts, suggestions, or questions that we should consider? P y Question 8 — Discussion 1eElse comment on the discussion points (agree, disagree, comments) 1 \re there any other references or examples that would support this “type of model” development? <3) ‘ \1 e there any additional comments, thoughts, suggestions, or questions that we should consider? Fi gure 8. The Expert Panel Survey Questions Based on the Propositions 115 4- 1 -1 Statistical Analysis of the Survey Data Survey question one and question two included demographic information that was co 1 1 ected from the anonymous survey participants. The information was gathered to assess the applicable insight of the survey participants. Survey question one included the demographic information gathered in the survey example above, and included title, industry, and company revenue. Survey question two included a self-assessment of expertise in areas that are applicable to risk, the counterfeit threat, corporate security, 1 aw, or packaging. These two questions were gathered for background information and were not statistically analyzed. The statistical analysis utilized an “assessing agreement” concept (C-STAT, 2 00 8b). Since the data was in high agreement, it was appropriate to review all the responses as a total number rather than by each of the six data questions. If the data had been in less agreement it would have been more appropriate to analyze each question individuany (Fitzmaurice, 2002b; Sim & Wright, 2005). To review the overall agreement of the surveys with the research propositions, two null hypotheses were proposed and the results are presented in Chapter 3. - Null Hypothesis One: Agreement with the propositions - For the survey participants, tl'lere is no positive agreement with the propositions. - Null Hypothesis Two: Agreement more than random - For the survey participants, there is no more agreement than might occur by random chance. 4 ‘ 1 -2 Null Hypothesis One — Agreement with the PrOpositions To address Null Hypothesis One, the “observed proportion of overall agreement”, 01‘ ‘ c positive agreement,” method was utilized (C-STAT, 2008b; Fitzmaurice, 2002a, 116 2002b; Spitzer & Fleiss, 1974). In this method the overall positive proportion (“Po+” or e‘Ppos”) was given by the following expression (Equation 2) which is adapted to the data chture of this research and is given by the following expression (Fitzmamice, 2002b), PM = A / N*n (2) Where “A” is the total responses in agreement with the question, “N” is the number of questions and “n” is the number of raters. The result is a numerical expression flex!) 0 to 1. The interpretation of agreement utilizes the information in Table 12 and was developed through the work of several researchers before assembly into the table and does not include a “perfect agreement” level (Cohen, 1960; Gwet, 2001; Sim & Wright, 2005). The final table is from Sim & Wright (2005). Table 12. Interpretation of Agreement for Expert Panel Survey Results Kappa Interpretation <0 No Agreement 0.0 to 0.20 Slight Agreement 0.21 to 0.40 Fair Agreement 0.41 to 0.60 Moderate Agreement 0.61 to 0.80 Substantial Agreement 0.81 to 1.00 Almost Perfect Agreement This method uses the kappa function (addressed below) and does not traditionally use Confidence intervals, standard deviations or other statistical analysis (Cohen, 1960; E‘?il‘:21'llaurice, 2002b; Spitzer & Fleiss, 1974). Classical statistical methods do not apply to is SeSsing agreement since the research results are agree/ disagree/ comment. While the an . SV"V€:rs could be converted to numbers there is no logical way to determine an analytical 117 average or a deviation (Capra & Canale, 1998). Also, there is no normal distribution associated with the dichotomous (yes/no) results. Since the survey results were in such close agreement, the total responses for the questions will be reviewed in “total” rather than by individual question. 4 - 1 .3 Null Hypothesis Two - Agreement more than Random To address Null Hypothesis Two, the “Fleiss’-Kappa” method of assessing agreement was utilized (C-STAT, 2008b; Cohen, 1960; Fitzmaurice, 2002b; Fleiss, 1971; F l eiss & Cohen, 1973). The statistical concept of “kappa” is an index of expected ageement due to chance alone (Cohen, 1960; Fitzmaurice, 2002b). The Fleiss’-Kappa assessing agreement measure is designed for categorical rating (e- g - identifying a specific illness from a group or a bivariate response such as yes/no and not for a range such as a Lippert Scale such as a “1-5 rating” continuum of the magnitude of agreement) agreement among several raters, whereas other methods, such as Cohen’s— I(ii-IDIDa, are traditionally focused on comparing agreement between two raters. Kappa is given by the following expression (Equation 3) (Fitzmaurice, 2002b), “k”= Po - Pc/ 1 - Pc (3) The “k” factor is kappa. P0 is the proportion of overall agreement. Pc is the proportion of overall agreement due to chance. The denominator, 1 — Pc, is the 2:11 ax iInum agreement above chance and the results are presented in a numerical expr - 99 ° 39 cc essron fiom -1 to 0 to 1 (from complete disagreement, to no excess agreement b eand that of chance” to “perfect agreement”) (Fitzmaurice, 2002b). 118 4-2 Expert Survey Results and Discussion The Expert Panel Survey was conducted to gain insight and feedback on the C ounterfeit Product Risk Model. The expert panel was selected to provide a broad and tl—lorough review of the packaging, product protection, counterfeit, and risk disciplines. The companies or organizations that were included in the panel are involved in doing risk assessment and/or developing anti-counterfeit strategy. The companies were identified fiom industry and academic suggestions, and the final selection was based on providing a wide-range of perspectives for both risk assessment and anti-counterfeit strategy. The individual panelists were selected by their companies or organizations due to their applicable insight and expertise. In some cases the anti-counterfeit strategy subject m atter expert was identified from the outset. In other cases, the researcher worked with Several company representatives to identify and recruit the most appropriate panelist. In eaCh case, the subject was approved to participate in the survey. The requirement for Se] ection as a panelist was determined by balancing a broad and deep perspective on the Counterfeit Product Risk Model. This perspective was achieved, as evidenced by the Summary of the panelists in Table 13 (Title), Table 14 (Industry), Table 15 (Company I{e"enue), and Table 16 (Expertise). The companies or organizations that were included in the panel are involved in Olng risk assessment and/or developing anti-counterfeit strategy. The mdrvrdual D an elists were selected by their companies or organizations due to their applicable insight 3‘6 expertise. 119 The research goal was to validate the counterfeit risk, to review existing models or concepts, to confirm a series of propositions that will assist future researchers, and to conduct statistical analysis on the survey inputs. 4 -2.1 Subject Classification Responses — Title, Industry, Revenue, and Subject Expertise Regarding the “Subject Classification — Titles”, the inclusion of high-level executives who are aware of, and versed in their company’s enterprise risk assessment and anti-counterfeit strategy, was deemed to be especially important (Table 13). Table 13. Subject Classification — Title of the Expert Survey Subje[0]cta S uney Question 1 — Subject Classification 2.. Table: C/ VP/ Dir/ Mgr Number Chief-Level-Officer/ Partner 6 V ice-President 1 l imam lO met/Engineer 6 HAL 33 Regarding the “Subject Classification — Industry,” industry coverage including finarlce, insurance, law, risk theory, and a range of consumer products (Table 14). 120 Table 14. Subject Classification - Industry of the Expert Survey Subjelolcts /——S—:nirvey Question 1 - Subject Classification 1). Industry: Food / Pharmaceutical / Financial / Ins I Law / Retail I Assn / Academic! Other Number FFood/Beverage 6 Pljarmaceutical/ Healthcare/ Medical Device 8 F inancial 1 Insurance 1 Law 2 Retail 3 Association 2 Academic 1 Other 9 Other-Supplier 1 Other-Consumer Packaged Goods 1 Other-Original Equipment Manufacturer 4 Other-Consumer Electronics 2 Other-Software 1 TOTAL 33 .\ _ Regarding the “Subject Classification — Company Size”, it was especially i1171130rtant that the company size coverage include large (Fortune 500) corporations who haditionally have more management resources to apply to more precise portions of their business. The range of companies also included smaller companies that added value to the overall perspective of the research due to their market niche or expertise. In some cages, such as specialty law firms, the company revenue is relatively lower, compared to I 3 roduct manufacturers. 121 Ta ble 15. Survey Classification - Company Revenue of the Expert Survey Subje[0]cts F S nrvey Question 1 — Subject Classification c - Company Revenue: +353 (5000)/ l-SB (1000) / 100M-1B (100)/ 10- 1 00M (10)/ -10M (1)] NA Number >558 (Fortune 500) 16 $ 1 —SB (Fortune 500-1500) 6 S 1 COM-$1B 5 s l OM-$100M 3 <$ 1 0M 0 NA (Assn or Academic) 3 TOTAL 33 This section covers the results and discussion of the Subject Expertise questions. Expert Status is defined as the raters’ self-assessment on a scale of 1 to 5 (5 being high) (Table 16). T‘ble 16. Results of Survey Question 2 - Subject Expertise (Self-Assessment) for the Expert Survey S ‘- bjcflllcts Average Survey Question 2 — Subject Expertise (Ranked l,2,3,4,5 with 5 Self- Expert (4 or 5) m Highest) Assessment Self-Assessed Us, Risk Assessment, and Risk Models (1 ,2,3,4,5) 3.5 17 .b\.lnsurance, Financial, or Legal Risk Management(l,2,3,4,5) 2.6 9 c ‘ Food, Product or Asset Brand or Packaging Management &3AS) 3‘7 21 Law, Product or Asset Protection (1,2,3,4,5) 3.6 22 New, Product, or Asset Law (I ,2,3,4,5) 2.7 8 t‘~\(zorpomtc Security (1,2,3 ,4,5) 3 ll mun-Counterfeit Strategy and/ or Risk Models (1,2,3,4,5) 3.1 11 At least one-third of the raters expressed expert status for each question. It was Qt surprismg that the average Subject Expertlse rating was moderate (around three) smce “3 Wide range of industries represented by the raters would not lead to high expertise in 122 al 1 areas. Due to the make-up of the industry representation, it was not surprising that brand, packaging and protection areas had so many experts and a high average as sessment. With anti-counterfeit strategy being a relatively newer concept, it was somewhat surprising that there was such high average expertise. 4 - 2.2 Statistical Analysis - Propositions, Survey Results The statistical analysis of the survey is reviewed here. The survey raters responded with agree, disagree, comment, or no response. Since “no response” or ‘ ‘comment” neither signified agreement nor disagreement, these last two responses were considered in a separate, single, third category. For assessing agreement, only “Agree” was used for the affirmative response. The survey results emphasize that the Counterfeit Product Risk Model is logical and practical for industry and agencies. The survey responses are summarized in Table 1 : - 123 Ta ble 17. Survey Results of the Expert Survey Subje[0]cts {t No Answer/ Question (N =33) Agree Comment Disagree S urvey Question 3 - Proposition 1 —- Assess Type of Model 31 1 1 Survey Question 4 — Proposition 2a — MECE Factors 27 4 2 Survey Question 5 - Proposition 2b - Specific Factors 33 0 O S urvey Question 6 - Proposition 2c — Summary Function 31 2 0 Survey Question 7 - Proposition 3 - Sub-Factors 32 l 0 Survey Question 8 — Discussion 32 1 0 TOTAL 186 9 3 4 -2.3 Null Hypothesis One - Agreement with the Propositions N 2411 Hypothesis One: Agreement with the propositions - For the survey participants, th ere is no positive agreement with the propositions. To address Null Hypothesis One, the “observed proportion of overall agreement” In ethod was utilized (Fitzmaurice, 2002b; Spitzer & Fleiss, 1974). This process, di Scussed in the Methods (presented in Section ## to ##), assesses the overall agreement betWeen many raters on dichotomous (agree/disagree) type surveys. For the thirty-three SI"~1‘\’eyors, the “observed proportion of overall agreement,” or “positive agreement,” is 0 r 93 which is interpreted as “almost perfect agreement (C-STAT, 2008a). The results 124 reject Null Hypothesis One and supports that the survey subjects agree with the Counterfeit Product Risk Model, and that the results can be interpreted as an “almost perfect agreement.” 4.2.3.1 Null Hypothesis Two - Agreement more than Random Null Hypothesis Two: Agreement more than random - For the survey participants, there is no more agreement than might occur by random chance. To address Null Hypothesis Two, the “Fleiss-Kappa” method was utilized (Cohen, 1960; Fleiss & Cohen, 1973). This method (presented in section ## to #) assesses the agreement more than on a random basis of raters for dichotomous (agree/disagree) type surveys. For the thirty-three surveys, the “F1eiss’-Kappa” number was 0.90, which is interpreted as “almost perfect agreement” (C-STAT, 2008a). This result rejects Null Hypothesis Two and supports the concept that the agreement is more than what would be expected by random chance, and the results are interpreted as an “almost perfect agreement” between the survey subjects. 4.2.3.2 Summary Utilizing “assessment agreement” statistical analysis, the positive agreement for the thirty-three surveys was 0.93 or an “almost perfect agreement” and the Fleiss’-Kappa was 0.90 or an “almost perfect agreement.” Thus, the results indicate that the survey raters statistically agree with the propositions and the Counterfeit Product Risk Model. The fill] raw comments are included in the Appendix C. 125 4.2.4 Comments for Question Three — Assess Type of Model The comments for question three supported using the probability versus severity matrix, qualitative factors, and focusing on the probability portion of the probability versus severity matrix. An interesting insight was that some companies do “baseline” anti-counterfeit (e. g. holograms) or product protection (e. g. tamper evidence) actions for all products. Any anti-counterfeit or product protection initiatives above that “baseline” would need to be justified, compared with all activities (operations, marketing, advertising, new product development, etc.) across a brand or company, considering the return-on-investment. The model can be used to compare counterfeit risk across products, whether they are known counterfeited products or not, or even if they are products that have not yet come to market. Specifically, there was a comment that the Counterfeit Product Risk Model could be used as a preventative measure, to evaluate food economic adulteration risks. The comments emphasized the importance of providing a theoretical justification for got using quantitative processes such as FMEA. The theoretical justification will help with some companies specifying the use of the traditional risk or quality assessment tools. Regarding the emphasis on qualitative ranks, one comment was that “[It] is also IOgical to use qualitative descriptions for the final ranks since the 'data' is based on assumption and not actual tests, which you can do for F MEA.” 126 The comments support the methodology used and standardization employed in the Counterfeit Product Risk Model. Not going directly to a quantitative model is helpful, in that it is important to clearly define the factors and the derivation of each factor. That the model and process need to be continually updated for emerging threats. 4.2.4.1 Comments for Question Four - MECE Factors The comments supported using mutually-exclusive and comprehensively- exhaustive (MECE) factors, though there was concern that too much rigidity in the process or model could cause emerging risks to be overlooked. One anti-counterfeit expert rater noted “It is very hard to force the many aspects of the counterfeit threat into finite categories, and you may miss some of the real issues.” Another anti-counterfeit strategy expert rater noted “[MECE] is difficult to accomplish, however, since factors will often intersect and have overlapping cause and effect relationships. On an informal assessment of risk factors, what seems illogical to the brand owner may in fact be a good business proposition to the counterfeiter.” These comments support the methodology and standardization in the Counterfeit Product Risk Model. A continuing theme of the comments was the importance of clearly defining the factor definitions and the derivation of the factors. 4.2.4.2 Comments for Question Five - Specific Factors The comments supported using the specific factors of Counterfeit-History, Counterfeit-Ability, Counterfeit-Attractiveness, Counterfeit-Hurdles, and Market Profile. These comments further support the methodology and standardization in the Counterfeit Product Risk Model. The comments noted a continuing theme which was to clearly state the factor definitions as well as the derivation of the factors. 127 For example, “From years of experience in anti-counterfeit, these five categories cover the range of counterfeit and diversion factors. I have not seen such a detailed and complete list of factors. Excellent.” There was the same concern as for the MECE question, regarding losing some model sensitivity by forcing characteristics into specific factors. Also, there were comments that these five factors could be combined into fewer categories, such as “history,” “ease of entry,” and “profitability.” More, and fewer, categories were considered, but the combination of these five factors and sub-factors is simple and yet detailed. Adding a layer of hierarchy would complicate the practical implementation of the model. The use of an expert panel to specifically define the factors and the derivation of the factors reduces concerns that companies or agencies might have. Also, the factors are defined by the sub-factors, so any specific area of concern would be defined when assigning the sub-factors. For example, if the level of contract manufacturing is a concern, that specific characteristic can be placed into a sub-factor in “Counterfeit- Hurdles” and then the sub-factor helps define the factor. The comments supported the methodology and standardization in the Counterfeit Product Risk Model. 4.2.4.3 ~ Comments for Question Six - Summary Function The comments further support the methodology development and standardization of the Counterfeit Product Risk Model, specifically using an expert panel derived mathematical formula to decide on the “Total Rank” of the overall probability, the factors and the sub-factors. There were a few responses that did not “agree” with the question, due to concerns with how the mathematical formulas would be derived. Also, there was 128 concern that the formulas (as well as the factors or sub-factors) could become inflexible and hinder the value of the model. Some raters felt that it was important to not force the results to numbers too early. The rater was comfortable that numbers were used for the summation, but that qualitative results are used in the matrix. This will not be an issue since general risk assessment methodology recommends continually monitoring the changing risks. Also, the model building process emphasizes using an expert panel to make sure the model works for the specific product or company. One comment directly addressed the findings hour the literature review, that the traditional operational or quality control process, FMEA simply cannot be accurately applied to the counterfeit risk. Again, the use of the expert panel was supported by the following statements in the survey comments “Using expert panel is the way to look at this risk, we attempt to use some modeling plus SME (subject matter expert) insight. Mostly SME [subject matter expert, and official designation in some companies or agencies].” There was a continuing concern with quantitative measures possibly obscuring risks. “1 think the mathematical summary would directionally predict the potential risk, but it still leaves a chance that a lower ranked risk could be a problem.” The comments further support the methodology and standardization in the Counterfeit Product Risk Model. 4.2.4.4 Comments for Question Seven — Sub-Factors The comments supported the methodology and standardization in the Counterfeit Product Risk Model, and specifically the use of sub-factors and of clearly documenting 129 the derivation of those sub-factors. The comments clearly supported not defining common sub-factors for all products or industries. “These categories can be quite squishy if you do not clearly define them. Also a straight interpretation for all industries or all products is very difficult and probably dangerous.” “There are just so many subjective breakdowns you can make before they become bias. It is not clear you need sub-factors.” Another rater noted that the extra step of using sub-factors was novel and helpful. “It is excellent to define the factors by the sub-factors. We have not gone to that detail and this is very helpful when discussing the details of the prediction with decision makers.” The comments further support the methodology and standardization in the Counterfeit Product Risk Model. Specifically the raters embraced the concept of further refining of the factors to sub-factors. It was also noted that referencing specific reports or methods of deriving the sub-factors would give credibility to the overall ranking of the factors and the overall counterfeit risk probability. 4.2.4.5 Comments for Question Eight — Discussion Section The comments further support the methodology and standardization in the Counterfeit Product Risk Model. The comments included: “I believe you need to follow a proven methodology as a beginning point then maybe tailor the survey/tool or instrument to a specific industry, product, etc.” And specifically in support of the scholarly overview and theoretical defense of the model: “I am constantly challenged by no academic work in this counterfeit risk area - that is challenged by managers asking for 130 methods and for my trying to develop the tools” and “There are very generally accepted attempts at the analysis from other disciplines, but no theoretical justification.” The comments further support the methodology and standardization in the Counterfeit Product Risk Model. The expert panelists agreed with the general and the specific steps presented. 4.2.5 Expert Survey Summary The survey resulted in “almost perfect agreement” with the propositions for the Counterfeit Product Risk Model using a very representative expert panel. The raw comments provided excellent insight and support of the propositions. 131 5.0 CASE STUDY A food ingredient company (referred to as “CSFI”) was confidentially engaged to conduct this case study to demonstrate the use of the Counterfeit Risk Model (Model). A series of interviews were conducted to solicit background information, to gain insight from a company expert panel, and to discuss both the working of the model and the results. The company manufactures branded food ingredient products in a single-use “form” combined in a multiple-unit primary package selling unit. The product is sold by business-to-business (B2B), business-to-consumer (BZC), and also there is evidence of selling by consumers-to-consumers (C2C) on websites such as “e-Bay.” The privately held company was started between 1985 and 1995 and has revenue in the $5M-$20M range. The company has global distribution of their product in both the bulk and finished form, and manufactures 95% of their product in one, US based facility. 5.1 Methods The researcher visited the company and conducted follow-up interviews with key personnel to gather background and specific information on the CSF I operations (procurement, manufacturing, distribution, customer service, and others) and the marketing (competitive products, sales process, distribution, retailing, and others). The researcher and the key company contact (the Vice-President responsible for brand integrity) developed the preliminary CFSI data that would be entered in the Counterfeit Risk Model (Model). 132 The researcher and key contact developed the first versions of the completed Model which were presented to the company expert panel (the full leadership team) and used this larger corporate group as the gathered expert panel. The expert panel discussed the sub-factors, sub-factor derivation, sub-factors that were not included at this time (and which would be used for future possible review), the summary formulas, and the overall results of the Counterfeit Risk Model. The expert panel chose to narrow the details of the product, geography, and channel. 0 Product: A specific CSFI branded, packaged product that is sold by anyone directly to consumers (B2B, BZC, or C2C), including all forms of the product and all package styles including promotional items or special packs. 0 Market Geography: The specific geography was for sales in the US. 0 Market Channel: The specific market channel was actually all channels including wholesale, retail, on-line retail, and auction sites (e-Bay, etc). . 5.2 Results The Model was used with CFSI data and presented in an overall counterfeit risk in Table 18 (the table is at the end of this section and the full analysis is in Appendix E). To protect the identity of the company, the sub—factor derivation descriptors (identifying why a sub-factor was very high, high, medium, low, or very low) was recorded as “tbd” (to- be-determined) and the sub—factor derivation comments were modified to protect the confidentiality of the company. The result of the Counterfeit Risk Model was that CSF I has a “Low” probability of counterfeit risk because: (1) 95+% of product is manufactured at one proprietary 133 location on proprietary equipment, (2) the company has comparably low volume combined with advanced packaging and product features that are somewhat complex to duplicate, and (3) the company monitors product in the marketplace including online C2C. Regarding the Factors and Sub-Factors, it should be emphasized that it is up to the expert panel to define how sub-factors are arranged and weighted. Unique production, supply chain, marketing, retailing, or consumer factors may not be apparent to someone outside the company. Details of the “Factors” are included here. 0 Counterfeit-History. This Total Rank was “low” since there are no known counterfeit products, there is little evidence of diversion of product outside the legitimate supply chains but there is some risk since related, lower premium priced products, are known to be counterfeited and diverted. These points lead to a “Low” rank because CSFI is very diligent in monitoring the market and has no evidence of counterfeit product and very little diverted product. 0 Counterfeit-Ability. This Total Risk was “Medium” since the basic product form is fiequently counterfeited but not “High” since CSFI uses very unique and complex packaging that would increase challenges for counterfeiters. These points lead to the increased “Medium” rank because even though there is a no evidence of counterfeiting of this product, there is a high likelihood that counterfeiters have the capabilities to attack. 0 Counterfeit-Attractiveness. The Total Rank was “Low” even though the product has a premium price of two to five times more than the generic version of the product. 134 Tight supply chain monitoring and supply chain relationships make it hard to place counterfeit product in the legitimate supply chain. These points lead to a “Low” rank because even though there is a high profit-margin between the cost of generic goods and the CSFI product, there are many supply chain actions that make it difficult for counterfeiters to get, and keep, product in the legitimate supply chain. 0 Counterfeit-Hurdles. The Total Rank was “Low” since there are many functional packaging features (tamper-evidence, child-resistance, print carton tape, and others), as well as other supply chain controls. These points lead to a “Low” rank because these actions lead counterfeiters to need more complex production or packaging, or they must overcome supply chain controls. (For continuity in the model, “low” is good, so “Low” in this rating means that there are a many or complex hurdles, which lead to a “Low” risk.) 0 Market Profile. The Total Rank was “Low” since very brand loyal consumers are fairly price insensitive and pursue reputable sources of supply, and 95%+ of the production and warehousing is in-house. These points lead to a “Low” rank because the consumer does not go looking for good deals from un-reputable sources, and with in-house production there is little risk of unauthorized production or co-mingling by contract manufacturers. 5.3 Case Study Summary The Counterfeit Risk Model was successfully used to review a company’s Specific counterfeit risk attributes. The process of completing the Counterfeit Risk Model provided a mechanism to gain corporate consensus and set clear direction for effective countermeasures in product development, regulatory affairs, customer service, 135 and legal strategy. The sub-factor derivation discussion and analysis was valuable to allow reproducing the analysis in the future and to consider how new knowledge of emerging threats change the overall risk. Reviewers not involved in the process may perceive that some Factors or Sub- Factors overlap, but there was agreement by the Expert Panel. Bringing the expert panel together was useful since it brought issues to light/ discussion in a very focused review of the counterfeit threat, so that the overall company more clearly understands their actual risks. CFSI considered the process efficient to conduct the risk assessment and as an internal communication tool. 136 Table 18. Case Study Overall Counterfeit Risk for CFSIloI Case Study: Confidential Food Company Bolded Box = Data Entry 1. Overall Counterfeit Risk Probability "= 3 00 E a .5: 3 .3 :9 “a": ‘3 3 s > 2 :> (1) 95+% of product is manufactured at one proprietary location, (2) The company has comparably low volume R 1 combined with advanced packaging and Total X product features that are somewhat complex to duplicate, (3) the company monitors product in the marketplace includingflrline C2C J actors Summary Function: A +B+C+D+E=F [ 1 All equal, manual derivation ¥ No known counterfeits, little diversion, 1 . Counterfeit-History 0 0 0 X 0 but related lower premium product are faked The product and from are frequently 2 - Counterfeit-Ability 0 0 X 0 0 counterfeited, but unique feature reduce .‘ risk . This is a premium product with $2-5x 3 - Counterfert- . . . . . Attractiveness 0 0 0 X 0 generlc pncrng, but tight supply chain ‘ controls High hurdles for counterfeiters, in terms 4 . Counterfeit-Hurdles 0 0 0 X 0 of pkg features, tight supply chain, and \ monitoring Brand loyal consumers, price insensitive, 5 . Market Profile 0 0 0 X 0 pursue reputable sources, and in-house \ production 137 6.0 CONCLUSION Companies and agencies constantly struggle to quantify the magnitude of the counterfeit threat from both a global and a specific product perspective. Although there are many examples of the dangers of product counterfeiting, the nature of the counterfeiters and counterfeiting makes it difficult or even impossible to determine the quantitative hard data on the risk. Specifically, analysis of the risk, risk model literature review, in combination with peer-consultation, established a foundation for the Counterfeit Product Risk Model and for the supporting non-quantitative analysis. It is not practical to conduct quantitative or classical statistical tool-based risk assessments for the counterfeit threat because the results can not be theoretically supported. This research set out to break new ground by presenting an overview of the product counterfeiting threat as a starting point for the development of a practical, useful and publically available, Counterfeit Product Risk Model. This research used a very broad, very interdisciplinary perspective that led to inlportant theoretical justifications, such as using a probability versus a severity matrix, qualitative ranking, and the language of enterprise risk management. Many current anti- <=<>unterfeit research projects are extensions of existing research (with a narrow focus that is not all-encompassing) or are so theoretical in nature that theyare not applicable (e.g. Very complex models that are not all-encompassing). This analysis and the development of the model, provides a unique and practical approach in implementation of anti- counterfeit strategies. 138 This type of research analysis and model have not been presented previously by other researchers for several reasons: the extremely interdisciplinary nature of the strategy; the fact that the hard data is elusive or non-existent—current industry actions are usually confidential and agency actions are usually classified; broad risk assessment is still evolving; and a risk-based approach to regulation and legislation is only beginning to be applied to risks that are very real but very qualitative and hard to evaluate. Packaging is a logical starting point for this anti-counterfeit research, since the most efficient anti-counterfeit actions are packaging components, but there are many other disciplines that are equally important in an anti-counterfeit strategy. Critical disciplines Which should be considered in an all-encompassing, strategic perspective on deterring counterfeiting, include Criminal Justice, Supply Chain, Risk Management, Social Anthropology, Consumer Behavior, Health Risk Communication, Retailing, Intellectual Property Rights Law, Food Law, Health Care (Medicine, Nursing, etc.), Public Health, Political Science, International Trade Relations, and many more. Since this is probably no more than ten percent of any one academic discipline, it is not surprising that there is a lack of research focus and leadership in the area of anti-counterfeit strategy. It was important that this research stepped back fi'om current research paths and reViewed the basic propositions that went into an anti-counterfeit strategy. This then, was established as the first step in developing a Counterfeit Product Risk Model. It was also important to review risk analysis and risk models, in general, instead of following the c1lI‘r-ently established quantitative and mathematical model driven research paths. The ITIDA and USDA are trying to implement more qualitative risk assessment methods where appropriate, but tradition and the comfort level of the researchers often forces 139 quantitative outputs. Review of the broad, interdisciplinary research in this area was important for development of the propositions which led to the development of the Counterfeit Product Risk Model. The research analysis and model are intended to be a starting point that can adapt to emerging insights in the science of risk and lead to a clearer understanding of the actions of the counterfeiters. Discussions with industry representatives and agencies have underscored the importance of the basic research performed; as well as to more broadly validate anti-counterfeit strategy as an academic pursuit. Support for this research has come from academia, industry, agencies, and associations. A scholarly platform has been established for future research and for activities in anti-counterfeit strategy. 6.1 For Further Research The very nature of developing propositions for this research established a base for future research and model refinement. The logical next step is to use the model to gain insights, refine usability, and to present procedures for practical implementation. As the model is used in practice, more detailed risk-based and classical statistical tools could be uSed to better support anti-counterfeit strategy decisions. Valuable insights could be gained fiom running the model for various industries and by conducting reviews of inter- illclustry best practices. Any future research should be combined with the evolving Enterprise Risk Management practice and with case studies to both understand and support how financial aIlti-counterfeit strategic decisions are being made within companies and agencies. Another important — probably the epicenter of all future anti—counterfeit strategy research 140 — is exploring the behavioral aspects of “the chemistry of the crime” and “the chemistry of consumer consumption.” Finally, there should be an ongoing review of both the basic propositions and the model, itself, with refinements implemented as necessary. 141 APPENDICES 142 APPENDIX A — Results of Expert Survey Question (N =33) Q3 Q4 Q5 Q6 Q7 Q8 Agree 31 27 33 31 32 32 No Answer/ Comment w A 0 ~ Disagree O 81118.1129 81020.1413 >> >> 81024.1031 81023.1357 81027.0909 81027.1014 81105.0904 81024.1633 81104.1535 81104.1442 >>>>>>>>>> N >>>>>>> 81104.1403 U 81030.1753 > 81105.1643 ('5 81106.1128 81029.0832 81118.1318 81107.0914 >>>> 81113.0221 O 81114.1307 > 81114.1221 O 81114.1821 U 81114.1556 81114.1503 81117.1553 81118.1026 81114.1405 >>>>>>>>>>>>>>>>>>>>>>>>>> .— 81117.0840 U 81118.1022 81118.1359 >> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> O 81119.1200 O 81120.1203 >>>>>>>>>> 81120.0916 O 81115.0808 >>> > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> O >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> Note: Question 1 and 2 were background information and not survey data. Note: The Survey Identifier is the year (2008 is “8”), the month (November is “11”) the date (twenty-fourth is “24”) and afler the decimal place is the time on a 24-hour clock. 143 APPENDIX B — Raw Statistical Analysis Table 19. Raw Statistical Analysis-Inputs and Overall Agreement 1 Inputs 1 1 1 1 1' I _ _ ,_ 1 1 I I 1 _, Ache"? 1 .w . 1 _ - I L... _ . - ...i_--. _v - ‘ L _ ___=_ _ 6 Number of Qiestions __1 1____ _ 1n_=_ _ 33 Number of Raters - 1 i: ______k:=_ _ 3 Nunber of Answer types (Agree Dlsagree NA" or Comment) 1 ;N*n 198 Total Answers 1- i “ l ' T "' - ‘ * 1-- 1 JI. -_____ -1- _ 1 1 1. Survey Response Data (Noteidata as of 1_1/_2/__2008, fourteen raters) _ ' 1 fi_ 1 j ___1 1 Answer'l’lpes (k) 1 _ 1 _ -- _,- 1 1 Questions (N) Agree NA/ None Disagree ___ f 1 1 - _fl 4 - ___________3__ 31 1 1 _ _- 1 ___ _ __ _ ' 4 27 4 2 _ , _ _ _ _ __ ; 5 33 0 0 .. _)__ 1__ ______ ___ __ o 31 2 0 _j __ ___ __ _ _j j 7 32 1 o - V r - _# ___ 11 i s 32 1 o _ 1 _ - g _ 1 ' Total 186 9 3 - 1 _ _ II. Positive Agreement A. Observed Proportion of Overall Agreement (Po) _ 1 3* ___"; _: --_-- _— _ _:: Formila= LProportion pos_it_iv_e(t_ota1)/ total answers 1 — Hfi— :: (Total /9) / N*n 1,— _— 41L ___ Mat—.__“.s— 1—— ————— ———— ........... _. _. _ _ __ - 1:1—:__ 1 7 _ _1 71 - _1 1Anaswer Types (k) __ I- 1 :1“- F _w — _ : _ h :11 1____ glee NA/ None Disagree _ . 1 _ 1 P0 = 0.9394 0.0455 0.0152 Should be 0 to 1 g - l _- ._ _ --.-.._. _ -...1 LB. Proportion of Agreement due to Chance(Pc) 1 1 1 1 i __‘—- 1T"; - T M— —" _' 1: - Feawlai 1.1/Answer laps JET/E. -1 P 1 i .1. _ ___ i H .1 -.... _ -.' -__ __ ___- . .__-.- -- _ . _ -. - - ._ 1' - - - - - 1 _ _ 1A_ns wer Types___ (k) __ __-_-_.-..- fi -—+-+— __ ALe NA/ None Disggree __ _ 1 _1 , __ Pc = 0.3333 0.3333 0.3333 Should _be Qto 1_ j 1C. Pmponion ma age-.as; (1353.7 'i:1'1—:_ ‘_ 1:: if g _ _ 1 fl ‘ 1; The percent that agrees with the ___p_ posal, l_n_ CLUE case_Po_l_ _ 1 - _ _ Should be 0tol -__-._..__._. _ ,1 .. _ _ -__- I _ Ppos = 0.9394 = "Almost Perfect Agreement 144 Table 20. Raw Statistical Analysis-Inputs and Overall Agreement I 11. Kappa The measure of variability in the data, namely adjusting for chance agreement Should be -1 to 0 to 1 Formula= k = P0 - Pc 1 - Pc k= Po - Pc 1 - Pc 0.9394 - 0.3333 1 - 0.3333 1 k= 1 0.9091 1 "Almost Perfect Agreement" 145 APPENDIX C - Survey Responses — Raw Comments Note: Survey questions 1 and 2 were background information and not comments were collected. 3. Survey Question 3 - Proposition 1 - Assess Type of Model 0 It is good to get your arms around probability since severity is very specific to a company's risk appetite. For example they may all have a moral high point that they first try to achieve, and then they look at ROI above that. 0 I continually hear from industry that they are at a loss on how to predict which of their ingredients and supplies are at risk and what the possible adulterants could be. Additionally whether there are any methods to detect/test for the possible adulterants. FDA used this approach. The risk field is interested in the practical implementation of qualitative models to emerging risks - this is important work. 0 If probability includes some measure of frequency and if severity includes a measure of consequence, or if frequency and consequence are otherwise captured. Probability should include consistent likelihood ranges that will cover the continuum of potential scenarios. Severity should also have well defined and understood consequence ranges. The matrix must be simple to understand and use. 0 Confiscated goods, reported occurrences 0 Similar matrices are used for workman's comp/ injuries; based on hours worked and number of injuries. 0 Agree, however most anti-counterfeit programs begin as a result of counterfeit activity, therefore the risk matrix analysis occurs after the problem has begun. o Might make sense to also survey actual known occurrences to predict future behaviors - e.g. If someone found value in a specific area, they may do so again even if that area did not come out of the model as a high risk category. 0 These emerging risk studies include high/ medium/ low, and I like adding very high and very low as the far extremes. / Severity is a different thing that is very specific to corporations or even to operating companies. Also a challenge to even conduct the analysis - if we find one counterfeit product, is that .0001% or 1%? If it is intern additive vs. a deadly compound, and does the risk impact brand damage, death, or costs of investigating our entire supply chain. / We find our other risk or safety experts trying to force FMEA type analysis, but it just doesn't work - it is just not suited for this problem. 0 We look at costs/ risks in three categories: safety, brand equity, and actual final loss - but this is really severity not probability. It is very hard to create a matrix that mixes each type of loss since we have ways we usually mitigate each category. 0 Our first screen is brand/fmancial consequence to the organization. Once high, medium and low financial impact products are determined, then this matrix makes sense. 0 I would be interested to know the frequency of known counterfeit situations in multiple industries to better understand how probability is determined. // Other suggestion is to include information on black market potential for food items and what drivers make some products more attractive for counterfeiting. o This shows where we would want to protect against and not necessarily where we would be counterfeited o It might be useful to factor in references or examples of comparable models that rely on other factors along with a brief description of how the other models fundamentally differ from the proposed model (assuming such alternate models exist). 0 makes sense to me to start here, but it is sometimes the least expected areas that are hit 146 4. Survey Question 4 — Proposition 2a - MECE Factors Overlap causes confusion It seems like that has to be the first step before other approaches are considered. It is very hard to force the many aspects of the counterfeit threat into finite categories, and you may miss some of the real issues. Effective risk analysis is dependent on risks being defined by MECE factors. This is difficult to accomplish however since factors will ofien intersect and have overlapping cause and effect relationships. On an informal assessment of risk factors, what seems illogical to the brand owner may in fact be a good business proposition to the counterfeiter. (Note: agree) Health/ wellness indicator models may fit into this category Sure, but recognize that the counterfeiters do not put much thought into their decisions. It is simply a factor of product popularity and ease of replication. Tough to suggest unless all know influences were known, and they rarely are all known. The comprehensive list of factors can never be entirely exhaustive unless multiple sources are compared and combined to assure the broadest exposure possible. The definitions will continue to need to be reviewed since the risks and definitions keep changing as the counterfeiters adapt. Of course you'd like to try to have all the factors be very distinct but many overlap or are dependent... but it is still best to try. factors often have impact on each other in the real world It seems logical, but I’d like to see the assumptions used and explanation of factors that were used to predict counterfeit possibility. logical, yes, but not necessarily practical not sure what all the MECE factors are (note: agreed below) 5. Survey Question 5- Proposition 2b- Specific Factors This would probably be considered under Ability or Attractiveness- but it seems like on could consider Opportrmity. Could the chemical nature of certain food ingredients be cross linked with other chemicals that are produced cheaply in other industries that could lend themselves to opportunistic adulteration? The availability, cost, geographic proximity to production, and other factors could come into play. You could also consider shock in your market profile (Note: this would be included in Food Defense/ Carver+Shock models) Definitions of terms is unknown thus difficult to agree or disagree. Is Counterfeit-Attractiveness a function of Counterfeit -Hurdles and Market Profile? For a specific product Counterfeit-Hurdles are high and Market Profile is poor would the Counterfeit-Attractiveness necessarily be low? If so the factors are not MECE. Another example of the interdependency between the factors, (making them not MECE), would be the relationship between Counterfeit History and the other factors. Occurrence of counterfeiting in the past is most likely dependent on counterfeit-ability, counterfeit-attractiveness, etc. I am assuming that the items listed above would be buckets for which various elements would be listed within each. Clear concise definitions would need to be established for each category.// Other models could be NFPA/ Zurich/ Factory Mutual formats for fire loss Perfect, covers them all. These are the factors we consider now. Same comments as 3. I think this is a good starting point From years of experience in anti-counterfeit actions and deterrence, these five categories cover the range of counterfeit and diversion factors. I have not seen such a detailed and complete list of factors. Excellent. An issue is that these are subjective, for example where would covert inks go. But this is defined by the sub-factors. / It is important to consider the type of action, such as counterfeit (pass as legitimate product) or knock offs (consumers figure it is fake/ stolen). in addition to use sales/ revenue as well 147 6. 7. Ability and attractiveness could be considered together since they are very intertwined. It is interesting what we see counterfeiters focusing on to decide what to fake, for example the large scale counterfeiters look for chronic products (products taken continually) not remedial (immediate effect). Definitely will need expert panel to refine the details. Agree assuming hurdles include covert technology and historical impact on ability to prosecute. More information on past counterfeit situations with explanation of the drivers that led to these situations would be helpful Can it be boiled down to, or have, major buckets of 1. easy of entry and 2. profitability Agree - Tylenol was a big national brand and if it was CVS brand aspirin, it would not have gotten the same attention. . ..therefore I believe Market Profile is an important factor. Do you consider price points of a product as part of the Market Profile? An item that retails for $0.99/unit is not the same as something like baby formula that sells for $30/unit. Survey Question 6 - Proposition 2c - Summary Function Not familiar with it. I think this makes sense. There should be more than one since there are multiple factors (NOTE: originally noted as "disagree" but there are, so it is actually agreement) When using FMEA's there is a rating of 0-1- and it is logical to rank in this model - but it is also logical to use qualitative descriptions for the final ranks since the 'data' is based on assumption and not actual tests, which you can do for FMEA. Don't know - would have to see variables and formula Generally accepted method for risk ranking. Rank would be effective and useful until the counterfeiters learned the process then used the profile to reassign/ use the matrix to their advantage. Could also see, depending on the amount of categories and weight of each, a common score - result should provide insight on how an item is suggested to be handled... if everything is a high, all efforts would be in vain. Would be nice, as long as the financial benefit is included. Using expert panel is the way to look at this risk, we attempt to use some modeling plus SME (subject matter expert) insight. Mostly SME. need to capture soft or other tangibles when deciding overall approach If the weighting is correct and can apply across categories. It might be useful to factor in references or examples that expose any generally accepted shortcomings or flaws that may exist with respect to using a mathematical approach, assuming any such references exist Partially agree. . ..I think the mathematical surmnary would directionally predict the potential risk, but it still leaves a chance that a lower ranked risk could be a problem Survey Question 7 - Proposition 3 — Sub-Factors These categories can be quite squishy if you do not clearly define them. Also a straight interpretation for all industries or all products is very difficult and probably dangerous. For example, a company may actually have more control of a contract manufacturer than of their own facility. Not familiar with it. There are just so many subjective breakdowns you can make before they become bias. It is not clear you need subfactors. (Note: "agree" if the sub-factors are not predetermined for all products) Agree, depending upon how allocated Important that the root factors are defined by consistent likelihood ranges that will cover the continuum of potential scenarios and consequence ranges which are well defined and understood. If the objective is to arrive at a single numerical value, it will be important to weight the sub factors appropriately and to identify a common scale to use among the sub factors. Once comments are added in - there is a level of subjectivity that may cloud the results; the listing of root factors/ comments should be predefined and consistent/ selectable if applicable but same for each product. 148 It is excellent to define the factors by the sub-factors. We have not gone to that detail and this is very helpful when discussing the details of the prediction with decision makers. This process is flexible enough to address specific corporate initiatives and the changing nature of the risk. It would be interesting to see a food safety risk profile versus our prescription pharmaceutical profile... or other product for that matter. Generally agree, but need more information to better understand the relationship of sub—factors and how this was determined 8. Survey Question 8 — Discussion This could definitely be used in the HACCP risk assessment step, and most companies do not really to any emerging risk assessment whatsoever. Your company needs to decide what level of risk it is willing to accept, and not thinking about it is a decision. Also, it is kind of a psychological thing thinking that these things are such low probability, but the high severity is where you really get into trouble. I believe you need to follow a proven methodology as a beginning point then maybe tailor the survey/tool or instrument to a specific industry, product, etc. (Note: strongly supports this methodology) Counterfeiting risk depends upon potential margin mark-up of counterfeited goods. Thus, low priced items with large potential mark-up (e.g. Clorox @100% markup and easy preparation/ marketing) is more attractive than Bulova watches w/ 40% markup and difficult logistics. In general there is agreement that the methodology and factors presented are a logical way to assess counterfeit risk. If additional detail were provided to describe the specific factors and examples of subfactors were included to illustrate the evaluation process, this would be of benefit in the analysis. Because of the dynamics of economics/ developing technologies etc... the system built should be dynamic enough to add/ change data to update levels. From the counterfeiter’s point of view: 1. brand popularity, 2. product popularity, 3. ease of duplication, 4. ease of entry (due to active or passive brand protection from industry). // I would also like to see the impact the economy has on the counterfeit business. I would imagine that business (counterfeit) would be stronger than ever? The model might serve well to consider other factors besides pure counterfeiting, e.g. tampering, diversion, over labeling, up labeling, etc. All can play a role in feeding the counterfeit supply chain. I am constantly challenged by no academic work in this counterfeit risk area - that is challenged by managers asking for methods and for my trying to develop the tools. There are very generally accepted attempts at the analysis from other disciplines, but no theoretical justification. I like the approach as people often look beyond the qualitative aspects and focus on data driven/quantitative information to make informed decisions. We run a relative risk (with severity). I definitely like the idea of thinking things through holistically across all industries - the retailers will all want one system. It may be a logical approach but you are attempting to measure human motivation to commit a crime, which is ofien discounts/ignores logical factors I generally agree with mathematical models in predicting or quantifying an outcome, but I would like to get more information on the rational for the determination of these various factors and sub-factors and how this influences the outcome See comment for question 3 (This shows where we would want to protect against and not necessarily where we would be counterfeited) Great place to start. . ..In all my dealings with a lot of brand managers, this item still seems to be low on the priority list. It seems like consumer good companies that have high priced items are aware and try to take measures (put security tags on products for example), but below a certain price point it falls below package appeal for the consumer and product protection. 149 APPENDIX D — Case Study Roll-Up Detail This appendix includes the Counterfeit Product Risk Model background spreadsheets that were used in the Case Study. The data rolls-up from “III. Sub-F actor Derivation” up to the “1. Overall Counterfeit Product Risk.” Table 21. Case Study Overall Counterfeit Product Risk, Summary Case Study: Confidential Food Company 1. Overall Counterfeit Risk Bolded Box = Data Entry Probability Very High "Eb .— :l: Medium Low Very Low Total Rank (1) 95+% of product is manufactured at one proprietary location, (2) The company has comparably low volume combined with advanced packaging and product features that are somewhat complex to duplicate, (3) the company monitors product in the marketplace including online C2C Factors Summary Function: A+B+C+D+E=F l I All equal, manual derivation l. Counterfeit-History No known counterfeits, little diversion, but related lower premium product are faked 2. Counterfeit-Ability The product and from are frequently counterfeited, but uniqre feature reduce risk 3. Counterfeit- Attractiveness This is a premium product with $2-5x generic pricing, but tight supply chain controls 4. Counterfeit-Hurdles High hurdles for counterfeiters, in terms of pkg features, tight supply chain, and monitorinL 5. Market Profile Brand loyal consumers, price insensitive, pursue reputable sources, and in-house production 150 Table 22. Case Study Factor 1 Counterfeit-History, Summary 11. Factors and Sub-Factors l:l Bolded Box = Data Entry Factor 1. Counterfeit-History '55 B E f, .5 a 3 r E g 3 s > > No lmown counterfeits, little diversion, but related 1 Total Rank X lower premium product are faked Summary Function: I I A+B+C=D . All equal, manual entry 1.1 Known Counterfeits 0 O O 0 X No Known Counterfeit Incidents 1.2 Known Diversion! Pallets 0 O 0 0 X Some diversion, small scale, one-off 1.3 Related Product Counterfeit O X 0 O 0 Related products are counterfeited Table 23. Case Study Factor 2 Counterfeit-Ability, Summary Factor 2. Counterfeit-Abili '5 3 E :5 .5 3 .3 s a ‘3 3 e :> 2 > The product and from are frequently counterfeited, Total Rank X but unique feature reduce risk [ Summary Function: A+B+C=D I 1 All equal, manual entry I 2.1 Product/ Bulk Counterfeit X 0 0 0 0 Product and from counterfeited often 2.2 Package! Case 0 0 X 0 0 Other counterfeiting, but unique features 2.3 Supply/ Enter Genuine Market 0 O 0 X 0 Difficult to entegenuine market en masse 151 Table 24. Case Study Factor 3 Counterfeit-Attractiveness, Summary Factor 3. Counterfeit-Attractiveness in a, g 3 {I} .. 3 g a ‘3 3 g > 2 :> This is a premium product with $2-5x generic Total Rank X pricinLMght supply chain controls Summary Function: A+B+C=D j lAllgual, manual entry 3.1 Brand Premium vs. Fake Cost X 0 O 0 Premium product 52-5x generic 3.2 Supply Chain/ B2B, B2C, C2C 0 O 0 X 0 Very little in online marketplace, even C2C 3.3 Supply Chain/ Monitoring 0 0 O X 0 Active monitoring and relationships Table 25. Case Study Factor 4 Counterfeit-Hurdles, Summary Factor 4. Counterfeit - Hurdles '5, 3 E 55, .5 3 .3 r ='= “g 3 s > > High hurdles for counterfeiters, in terms of pkg Total Rank X features, tight supply chain, and monitoring Summary Function: A +B+C=D J I All equal, manual entry 4.1 Package: TE/CR Features: 2+ 0 O 0 X 0 2 TFJCR on primary pkg, more on others 4.2 Package: Printing/ Aesthetics 0 O 0 X 0 Complex, precision printing & special pkg 4.3 Marketplace investigation 0 O O X 0 Product form counterfeited 152 Table 26. Case Study Factor 5 Market Profile, Summary Factor 5. Market Profile 4"- B .99 E m g, .a 3 .3 r a ‘3 3 r > 2 > Brand loyal consumers, price insensitive, pursue reputable sources, and in-house Total Rank X production 1 Summary Function: A +B+C=D I I All equal, manual entry 5.1 Consume/ ggoing consume 0 0 O X 0 Brand loyalty, consumer pkg awareness 5.2 Consumer Price Sensitivity 0 0 0 X 0 Brand loyalty, pursue reputable sources 5 .3 Contract Manufacturing/ promo 0 0 0 X 0 95% production in-house, 100% promo/ kits Table 27. Case Study Factor Derivation, Counterfeit-History, Sub-factor 1.1 III. Sub-F actor Derivation A. Factor 1. Counterfeit-History Factor 1. Counterfeit - History] Sub-Factor 1.1 [1.] Known Counterfeits 153 Total Rank Very Very HigL High Medium Low Low No Known Counterfeit O O 0 0 X Incidents LSummary Function (for exam =B Very High tbd :5 nigh tbd g Medium tbd 5 [DW tbd No known counterfeit Very Low tbd X incidents Table 28. Case Study Factor Derivation, Counterfeit-History, Sub-factor 1.2 Factor 1. Counterfeit - History/ Sub-Factor 1.2 L12 Known Diversion/ Pallets Total Rank Very Very High High Medium Low Low 0 0 O O X Some diversion, small scale, one-off I Summary Function (for exam 1e) =B Very High tbd :3 it}: tbd 3 Medium tbd 5 LOW tbd Some diversion, but not en masse/ Very Low tbd X not pallet or shipping container loads Table 29. Case Study Factor Derivation, Counterfeit-History, Sub-factor 1.3 Factor 1. Counterfeit - History/ Sub-Factor 1.3 I 1.3 Related Product Counterfeit Total Rank Very Very _High High Medium Low Low 0 x o 0 0 Related products are counterfeitedJ I Summary Function (for exam 1e) A= Very High tbd Q Standard quality product 3 _High tbd X -° Medium tbd 5 Low tbd Very Low tbd Table 30. Case Study Factor Derivation, Counterfeit-Ability, Sub-factor 2.1 B. Factor 2. Counterfeit — Ability Factor 2. Counterfeit - Ability/ Sub-Factor 2.1 [2.1 Product/ Bulk Counterfeit Total Rank Very Very H'gh High Medium Low Low X 0 O O 0 Product and from counterfeited oftenJ I Summagy Function (for exam Ie) =3 3‘ Very High tbd X E flgh tbd Product and form counterfeited ofien, _8 Medium tbd Two Product forms - 80% in a simple 2 LOW tbd but with very recognizable coloring Very Low tbd and printing 154 Table 31. Case Study Factor Derivation, Counterfeit-Ability, Sub-factor 2.2 Factor 2. Counterfeit - Ability/ Sub-Factor 2.2 [2_.2 Package/ Case Total Rank Very Very High High Medium Low Low 0 O X 0 O Other counterfeiting, but unique featuresj I Summary Function (for exam le) =B 3‘ Very High tbd i5. High tbd 3 Medium tbd X Product and form counterfeiting common, E 10‘” tbd but specific features lead to more Very Low tbd challenge Table 32. Case Study Factor Derivation, Counterfeit-Ability, Sub-factor 2.3 Factor 2. Counterfeit - Abllity/ Sub-Factor 2.3 I 2.3 Supply/ Enter Genuine Market Total Rank Very Very High High Medium Low Low 0 0 O X 0 Difficult to entegenuine market en masse I I Summary Function (for exam le) =B b VerLHigh tbd a High tbd .o . .8 Medium tbd Single cases of product could be swapped E LOW tbd X out by insiders, but most product is shipped Very Low tbd direct to distributors or retailers Table 33. Case Study Factor Derivation, Counterfeit-Attractiveness, Sub-factor 3.1 C. Factor 3. Counterfeit - Attractiveness Factor 3. Counterfeit - Attractiveness] Sub-Factor 3.1 I 3.1 Brand Premium vs. Fake Cost Total Rank Very Very iigh High Medium Low Low X 0 O O 0 Premium product $2-5_xgeneric I I Summary Function (for exam le) A= Very @h tbd X 5 1m. tbd g Medium tbd E Low tbd Very Low tbd This is a premium brand with $2-5x generic 155 Table 34. Case Study Factor Derivation, Counterfeit-Attractiveness, Sub-factor 3.2 Factor 3. Counterfeit - Attractiveness/ Sub-Factor 3.2 I 3.2 Supply Chain/ 3213, B2C, C2C Total Rank Very Very _Iiigh High Medium Low Low 0 o o x 0 Very little in online marketplace, even czcfl I Summary Function (for exam le) A= Very High tbd 5 _High tbd 3 Medium tbd E LOW tbd X Very little product on general B2B, B2C, Very Low tbd and C2C online markets Table 35. Case Study Factor Derivation, Counterfeit-Attractiveness, Sub-factor 3.3 Factor 3. Counterfeit - Attractiveness! Sub-Factor 3.3 [3.3 Supply Chain/ Monitorig Total Rank Very Very _High High Medium Low Low 0 0 O X 0 Active monitoring and relationships I Summary Function (for exam le) A= Very High tbd 5 Bligh tbd 3 Medium tbd 5 LOW tbd X Rigorous supply chain monitoring, quality Very Low tbd control checks, distributor relationships etc. Table 36. Case Study Factor Derivation, Counterfeit-Hurdles, Sub-factor 4.1 D. Factor 4. Counterfeit - Hurdles Factor 4'. Counterfeit - Hurdles/ Sub-Factor 4.1 [4.1 Package: TE/CR Features: 2+ Total Rank Very Very iigh @h Medium Low Low 0 O O X 0 2 TE/CR on primary pkhmore on others 3 I Summary Function (for exam le) =B Very High tbd 5 are tbd g Medium tbd E LOW tbd X 2 TE/ CR features on primary package plus Very Low tbd 2 more on other packaging 156 Table 37. Case Study Factor Derivation, Counterfeit-Hurdles, Sub-factor 4.2 Factor 4. Counterfeit - Hurdles/ Sub-Factor 4.2 {4.2 Pachage: Printing/ Aesthetics Total Rank Very Very High High Medium Low Low Complex, precision printing & O O O X 0 special pkg Summary Function (for exam le) =B 3' Very High tbd a High tbd .o . .8 Medium tbd Complex, precise, vibrant printing as 5 LOW tbd X well as a unique and very high Very Low tbd quality bottle Table 38. Case Study Factor Derivation, Counterfeit-Hurdles, Sub-factor 4.3 Factor 4. Counterfeit - Hurdles/ Sub-Factor 4.3 I 4.3 Marketplace investigation Total Rank Very Very High High Medium Low Low 0 0 O X 0 Product form counterfeited I Summary Function (for exam le) A=B Very list; tbd 5 Hi h tbd «1 __g . Two Product forms - 80% in a simple 3 Medrurn tbd but with very recognizable coloring E LOW tbd X and printing, Active supply chain Very Low tbd monitoring Table 39. Case Study Factor Derivation, Market Profile, Sub-factor 5.1 E. Factor 5. Market Profile Factor 5. Marketing/ Sub-Factor 5.1 FSJ Consume/ Ongoing consume 157 Total Rank Very Very High High Medium Low Low Brand loyalty, consumer pkg 0 O 0 X 0 awareness Summary Function =B 3‘ VerLHigh tbd :3; flh tbd Long-term product, very brand loyal .3 Medlum tbd consumers who are aware of the E Low tbd X package/ printing (several examples Very Low tbd of consumer contacts) Table 40. Case Study Factor Derivation, Market Profile, Sub-factor 5.2 Factor 5. Marketing/ Sub-Factor 5.2 £2 Consumer Price Sensitivity Total Rank Very Very High High Medium Low Low Brand loyalty, pursue reputable O 0 O X 0 sources Summary Function A=B V H' tbd Q Hiery 18h tbd the customers seek good deals but ‘1 —g , only from reputable sources. This is .3 Medium tbd a high tech product and the high ,8 LOW tbd X percent of brand loyal customers are Very Low tbd dedicated to the brand. Table 41. Case Study Factor Derivation, Market Profile, Sub-factor 5.3 Factor 5. MarketiniSub—Factor 5.3 I 5.3 Contract Manufacturing promo 158 Total Rank Very Very High High Medium Low Low 95% production in-house, 100% 0 0 0 X 0 promo/ kits Summary Function =B Very High tbd :5 High tbd g Medlum tbd 95% of production in-house and in one 5 low tbd X facility. 100% of promotional and Very Low tbd special kits are assembled in-house APPENDIX E — Case Study Example of Automated Function As was noted in the main text, considering the previous review of the nature of the data and the warnings about keeping the analysis useable for the modelers, using a manual (heuristic) process it supported, and preferable for few experiments. This appendix includes an example of the final automated output (Table 42) and discussed the summary of the total risk. Several definitions or clarifications are important: The Total Rank is the overall probability of counterfeit risk for a specific product that has been analyzed by an expert panel. The probability is comprised of several categories, which include Very High, High, Medium, Low, and Very Low. The Factors are counterfeit attributes, such as “Counterfeit-History.” The Rank Ranges are the numerical values that specify the categories, such as the Size of the Rank Ranges and the Number of Rank Ranges. The Midpoints of the Rank Ranges are also included. The Summary Function formula used these variables, for example, A+B+C+D+E=F. For presentation simplicity, this experiment is conducted only on the final Total Risk. For presentation simplicity, the “X” was converted to a binary “l ,” and “0” (letter O) was changed to a “0” (zero). 159 The automated summary of the total risk was determined by the following process: 0 To start, the following background calculations were decided (Table 43): 0 Range: Size-Width 0 Range: Size-Number Range 0 Range: Midpoints o The Summary Function formula used this formula and these variables: A+B+C+D+E=F. Variable “A” represents Factor 1, variable “B” represents Factor 2, and so on. Variable “F” is the probability rank for the Total Rank, which was the average of the probability rank of the five factors. Table 42. Case Study Example of Automated Total Risk Determination Categories Very High High Medium Low (L) Very Low (VH) M) (M) (VL) Range: Size-Width (out of five) 0.25 1.5 1.5 1.5 0.25 Range: Size-Number Range 4.75-5.0 3.25-4.75 1.75-3.25 0.25-1.75 0-0.25 Range: Midpoint 4.875 4.0 2.5 1.0 .125 160 Table 43. Model Development — Example of Automated Summary of Total Rank Probability Very . . Very H' h High Medrum Low Low Use a "Conditional Formula" (essentially Total Rank X an "if/ then" statement) to place the "Total Rank" The summary for the five factors, of the rank . multiplied by the mid- Summary F unctron (for . = 1.3 pornt of the Rank example) A+B+C+D+E F Range: VH"‘4.875+H"4+M"2.5 +L*1+VL"'. l 25 1. Counterfeit- 1 History 2. Counterfeit- l Abrlrty . Note: for presentation 3. Counterfert— l simplicity, the "X" was Attractiveness converted to a "l " 4. Counterfeit- l Hurdles 5. Market Profile 1 Background Calculations Probability Very . . Very High Hrgh Medrum Low Low Determined by an Expert Panel, this is . selection is logical if: 2: Rank 0.25 1.5 1.5 1.5 0.25 since Very High and g Very Low are intended to represent very close to 9% and 100%. Number of Rank 325- 1.75- 0.25- Ranges 5'0'4'75 4.75 3.25 1.75 0'0‘25 Midpornt of Rank 4.875 4 2.5 1 0,125 Ranges than the other factors Summary Function with Factor 1 rated as 5x more important 5A+B+C+D+E=F 161 REFERENCES 162 18 USC Sec. 1963, Title 18, Part 1, Chapter 96. (2006). CHAPTER 96 - RACKETEER INFLUENCED AND CORRUPT ORGANIZATIONS, Sec. 1963. Criminal Penalties. Retrieved. from http://uscode.house.gov/uscode— cgi/fastweb.exe?getdoc+uscview+tl 7 t20+93 2+O++%28real%20property,%20incl uding%20things%20growing°/0200n,%20affixed%2Oto,%20and%20found%20in %201and;%20%29%20%20%20%20%20%20%20%20%20%20. 21 CF R 120. (2003). Code of Federal Regulations, TITLE 21--FOOD AND DRUGS, CHAPTER I--FOOD AND DRUG ADMINISTRATION, DEPARTMENT OF HEALTH AND HUMAN, SERVICES, PART 120-—HAZARD ANALYSIS AND CRITICAL CONTROL POINT (HACCP) SYSTEMS. Retrieved February 17, 2007, from http://www.cfsan.fda.gov/~lrd/FCF120.html Acheson, David. (2007a). Food Protection, Food Safety and Food Defense. Paper presented at the Association of Food and Drug Officials (AF DO) Annual Conference. from http://www.afdo.ory afdo/Conferences/upload/ 07061 9-Food- l 530%20- %20Acheson%2ONEW%20AFDO%20Food%2OProtection%2OJune%202007_07 0615%20-%20Final.pdf. Acheson, David. (2007b). Vulnerability Assessment Tools. Paper presented at the Global Food Safety and Quality Conference. from http://members.ifi.org/NR/rdonlyres/A3 748A89-71 58-4Al 7-BBFF- 26ACE9697ABC/O/GlobalFoodSafety_Acheson2.pdf. Alcock, Lucy, Chen, Paul, Ch'ng, Hui Min, Hodson, Sarah, & et a1. (2003). Counterfeiting: Tricks and trends. Journal of Brand Management, 11(2), 133. Allan, John. (2006). A Heuristic Risk Assessment Technique for Birdstrike Management at Airports. Risk Analysis, 26(3), 723. Andel, Tom. (2006, July 1). Counterfeit Fighters. Paperboard Packaging, 91, 20-25. Arrui‘iada, Benito, & Vazquez, Xosé H. (2006). When Your Contract Manufacturer Becomes Your Competitor, Best Practice. Harvard Business Review, 84(19), 135- 144. Aven, Terje. (2003). Foundations of Risk Analysis. Hoboken, NJ: John Wiley & Sons, Inc. Balfour, Frederik. (2005). Fakes! The global counterfeit business is out of control, targeting everything from computer chips to life-saving medicines. It's so bad that even China may need to crack down. Business Week(39l9), 54-64. 163 Banks, Erik. (2005). Catastrophic Risk: Analysis and Management. Hoboken, NJ: John Wiley & Sons, Inc. Bialik, Carl. (2007a). Efforts to Quantify Sales of Pirated Goods Lead to Fuzzy Figures [Electronic Version]. Wall Street Journal On-line. Retrieved February 19, 2007 from . Bialik, Carl. (2007b, October 19). THE NUMBERS GUY: Efforts to Quantify Sales of Pirated Goods Lead to Fuzzy Figures. The Wall Street Journal, p. B1. Bix, Laura, Clarke, Robb, Lockhart, Hugh, Twede, Diana, & Spink, John. (2007). Global Data Standards in the Healthcare Supply Chain: The Business Case, prepared for The G8] Healthcare Users Group (HUG). Michigan State University, School of Packaging, May 30, 2007. Bogdanich, Walt. (2007a, June 17). F.D.A. Tracked Poisoned Drugs, but Trail Went Cold in China. New York Times. Bogdanich, Walt. (2007b, December 17). Toxic Pipeline, Counterfeit Drugs’ Path Based by Free Trade Zones. New York Times. Bogdanich, Walt. (2008, March 20). Heparin Find May Point to Chinese Counterfeiting New York Times. Bogen, Kenneth T., & Jones, Edwin D. (2006). Risks of Mortality and Morbidity from Worldwide Terrorism: 1968-2004. Risk Analysis, 26(1), 45. Booth, Martin. (1999). The Dragon Syndicates: The Global Phenomenon of the T riads. London: Bantam. Brackett, Robert. (2004). Threat/ Vulnerability Assessment for Foods. Paper presented at the 2004 FDA SCIENCE FORUM, FDA Science: The Critical Path fiom Concept to Consumer, FDA Science Board Advisory Committee Meeting. fiom http://www.fda. gov/ ohms/dockets/ ac/ 03/ slides/4001 s 1 _02_Brackett%20.ppt. Branch, Ken. (2008). Brand Protection Strategy 2008. Paper presented at the Product Authentication and Brand Security Conference (PABSO8). from Hardcopy. Brekke, Brad. (2008, June 21). Organized Retail Theft: Fostering a Comprehensive Public-Private Response. Loss Prevention, 11, 36. Broder, James F. (2000). Risk Analysis and the Security Survey (2nd ed.). Boston: Butterworth-Heineman. Buchanan, Robbert, Dennis, S., & Miliotis, M. (2004). Initiating and Managing Risk Assessments within a Risk Analysis Framework: FDA/CFSAN’S Practical Approach. Journal of Food Protection, 67(9), 2058-2062. 164 Buchanan, Robert. (2004). Principles of risk analysis as applied to microbial food safety concerns. Mitteilungen aus Lebensmitteluntersuchung und Hygiene, 95(1), 6-12. Buchanan, Robert. (2007). Tools for Prioritizing Food Safety Concerns: An FDA Perspective. Paper presented at the Tools for Prioritizing Food Safety Concerns Workshop. from . Buchanan, Robert. (2008). Equivalence and International Comparison of Food Safety Systems - WHO Perspective, Presentation. Paper presented at the Annual Conference, Symposium 81] Best Practices in Global Food Export and Import. from Not Available. Budima, Gjeneza. (2006). Can corruption and economic crime be controlled in developing economies, and if so, is the cost worth it? Journal of Financial Crime, 13(4), 408. Bullock, Karen, & Tilley, Nick. (2003). Crime reduction and problem-oriented policing: Cullompton : Willan. Burgan, Robert E. (2006). Fuel Models and Fire Potential from Satellite and Surface Observations [Electronic Version]. USDA/US Forest Service, Rocky Mountain Research Station,. Retrieved June 20, 2006 fi'om http://www.fs.fed.us/land/wfas/firepot/fpipap.htm. Bush, Laura. (2005). Q9 Establishes Common Terminology for Risk Management. Pharmaceutical Technology, 29(9), 1. Busta, F.F., & Chaisson, CF. (1997). Food Chemical Risk Analysis, Chapter 14 - The philosophy of food chemical risk management. London: Blackie Academic & Professional. C-STAT, Center for Statistical Training and Consulting MSU. (2008a). Review of Research Statistical Methods - Analysis of Results. In J. Spink (Ed.) (Spink Presentation and C-STAT Recommendations ed.). East Lansing, Michigan: Tian Song, MSU Center for Statistical Training and Consulting (C-STAT). C-STAT, Center for Statistical Training and Consulting MSU. (2008b). Review of Research Statistical Methods - Analysis of Surveys. In J. Spink (Ed.) (Spink Presentation and C-STAT Recommendations ed.). East Lansing, Michigan: Paul Curran, MSU Center for Statistical Training and Consulting (C-STAT). C-STAT, Center for Statistical Training and Consulting MSU. (2008c). Review of Research Statistical Methods - Set-up. In J. Spink (Ed.) (Spink Presentation and C-STAT Recommendations ed.). East Lansing, Michigan: Paramita Chakraborty, MSU Center for Statistical Training and Consulting (C-STAT). Capra, Steven, & Canale, Raymond. (1998). Numerical Methods for Engineers (3rd ed.). Boston. 165 CBER/FDA, Center for Biologics Evaluation and Research. (2006). Guidance for Industry - Q9 Quality Risk Management [Electronic Version]. U. S. Food and Drug Administration, Center for Drug Evaluation and Research (CDER), Center for Biologics Evaluation and Research (CBER), , June 2006 fi'om http://www.fdagov/Cber/gdlns/ichq9risk.htm. CDRH/FDA, Center for Device and Radiological Health. (2009). Unique Device Identification (UDI). Retrieved January 12, 2009, from http://www.fda.gov/cdrh/ocd/udi/ Center for Problem-Oriented Policing. (2006, 6/20/06). What is POP? Retrieved May 24, 2007, fi'om http://www.popcenter.org/ Center for Strategic and International Studies. (2005). Security Controls on Scientific Information and the Conduct of Scientific Research [Electronic Version]. A White Paper of the Commission on Scientific Communication and National Security, Homeland Security Program, Center for Strategic and International Studies (CSIS). Retrieved June 2005 from . Cervone, H. Frank. (2006). Project risk management. OCLC Systems and Services, 22(4), 256. CFSAN/F DA, Center for Food Safety and Applied Nutrition. (2001a). HACCP: A State- of-the-Art Approach to Food Safety [Electronic Version]. Retrieved October from http://www.cfsan.fda.gov/~lrd/bghaccp.html CFSAN/F DA, Center for Food Safety and Applied Nutrition. (2001b, September 2001). The A to Z, List of Terms. CFSAN/FDA Website Retrieved February 5, 2007, from CFSAN/F DA, Center for Food Safety and Applied Nutrition. (2005). GUIDANCE FOR INDUSTRY, Submitting Requests, Under 21 CFR 170.39, Threshold of Regulation For Substances Used in Food-Contact Articles [Electronic Version]. U. S. Food and Drug Administration, Center for Food Safety and Applied Nutrition, Oflice of Food Additive Safety. Retrieved April from http://www.cfsan.fda.gov/~dms/torguid.html. CFSAN/F DA, Center for Food Safety and Applied Nutrition. (2007a). Carver+Shock Software Tool, Home Page. Retrieved June 16, 2007, from http://www.cfsan.fda.gov/~dms/carver.html CFSAN/F DA, Center for Food Safety and Applied Nutrition. (2007b). An Overview of the Carver Plus Shock Method for Food Sector Vulnerability Assessments [Electronic Version]. U. S. Food and Drug Administration, Center for Food Safety and Applied Nutrition from . 166 CFSAN/F DA, Center for Food Safety and Nutrition. (2002). Initiation and Conduct of All 'Major' Risk Assessments within a Risk Analysis Framework [Electronic Version]. U. S. Food and Drug Administration, Center for Food Safety and Applied Nutrition. Retrieved 8/23/2007 from http://www.cfsan.fda.gov/~dms/rafw-toc.html. CFSAN/F DA, Center for Food Safety and Nutrition. (2003). Risk Assessment for Food Terrorism and Other Food Safety Concerns [Electronic Version]. U. S. Food and Drug Administration, Center for Food Safety and Applied Nutrition, Office of Regulations and Policy from . CFSAN/FDA, Food and Drug Administration. (2006, July 17, 2006). ALERT: The Basics. Food Defense and Terrorism, Center for Food Safety and Applied Nutrition Retrieved February 5, 2008, from CFSAN/F DA, Food and Drug Administration. (2007c). Guidance for Industry: Cosmetics Processors and Transporters of Cosmetics Security Preventive Measures Guidance [Electronic Version]. U.S. Food and Drug Administration, Center for Food Safety and Applied Nutrition, November 2003 fi'om . CF SAN/FDA, Food and Drug Administration. (2007d). Guidance for Industry: Dairy Farms, Bulk Milk Transporters, Bulk Milk Transfer Stations and Fluid Milk Processors: Food Security Preventive Measures Guidance [Electronic Version]. U.S. Food and Drug Administration, Center for Food Safety and Applied Nutrition (CFSAN). Retrieved February 5, 2008 from . CFSAN/F DA, Food and Drug Administration. (2007c). Guidance for Industry: Food Producers, Processors, and Transporters: Food Security Preventive Measures Guidance [Electronic Version]. U.S. Food and Drug Administration, Center for Food Safety and Applied Nutrition. Retrieved February 5, 2008 fiom . Charlton, Stacy. (2004). CA CCP - Confinement Analysis and Critical Control Points Approach to PMP Production. Paper presented at the USDA/APHIS Gene Confinement Workshop. from . Chaudhry, Peggy E. (2006). Changing levels of intellectual property rights protection for global firms: A synopsis of recent U.S. and EU trade enforcement strategies. Business Horizons, 49(6), 463-472. Christ, Oliver P. (2005). Implementing ISO 14971:2000, Risk management standard has global appeal. MEDICAL PRODUCT OUT SOURCING(J anuary/F ebruary), 46-48. 167 Clarke, Ronald V. (1997). Situational Crime Prevention, Chapter 1. Introduction. In R. V. Clarke (Ed.), Situational Crime Prevention (2 ed.). Guilderland, NY: Harrow and Heston Publishers. Claycamp, H. G. (2006). Rapid Benefit-Risk Assessments: No Escape from Expert Judgments in Risk Management. Risk Analysis, 26(1), 147-156. Claycamp, H. G., & Hooberman, B. H. (2004). Antimicrobial Resistance Risk Assessment in Food Safety. Journal of Food Protection, 67, 2063-2071 . Claycamp, H.G. (2003). A contemporary approach to risk analysis in GFI #152 [Electronic Version]. FDA Veterinarian, 18, 2-5 from http://www.fda.gov/cvm/index/fdavet/2003/jan-feb03.pdf Clemens, Pat L., & Swallom, Donald W. (2005). Summing Risk - An International Workshop and Its Results. Journal of System Safety, 41(6), 21. Clinton, James M. (2008). REGULATIONS & STANDARDS, Determining the key initial steps in risk management [Electronic Version]. In Vitro Diagnostics Technology (I VDI), 16. Retrieved 11/5/2008 fi‘om . Closs, David J ., & McGarrell, Edmund F. (2004). Enhancing Security Throughout the Supply Chain [Full Report]. East Lansing, MI: Michigan State University. Coalition Against Counterfeit and Piracy. (2006). No Trade in Fakes, Brand Integrity Tool Kit US Chamber of Commerce, Coalition Against Counterfeit and Piracy (CACP). Coffin, Bill. (2002). Forecasting Terrorism Losses. Risk Management, 49(11), 8. Cohen, Jacob. (1960). A coefficient of agreement for nominal scales. Educational and Psychological Measurement, 20(1), 37-46. Collins, David. (2004). Brand Protection. Leatherhead, Surrey, UK: Pira International. Congressional Research Service. (2003). Balancing Scientific Publication and National Security Concerns: Issues for Congress [Electronic Version]. Congressional Research Service (CRS), The Library of Congress, CRS Report for Congress, Received through the CRS Web, Order Code RL31695. Retrieved July 9, 2003 from . Cook & Thurber. (2006). Quality, Safety and Security Expectations and Criteria for Manufacturing Facilities of Packaging Materials and Nonfood Items (Revised February 2006 ed.). Ann Arbor, Michigan: NSF International. Council of Europe. (2006). Counterfeit Medicines: Survey Report. Strasbourg: Council of Europe Publications. 168 Counterfeiting Intelligence Bureau. (1997). Countering Counterfeiting. A guide to protecting & enforcing intellectual property rights: Counterfeiting Intelligence Bureau (CIB), International Chamber of Commerce (ICC). Counterfeiting Intelligence Bureau. (2007). Overview of Counterfeiting. Retrieved April 11, 2007, fi'om http://www.icc-ccs.org/cib/overview.php Cramer, Duncan, & Howitt, Dennis. (2004). The Sage Dictionary of Statistics. Thousand Oaks, CA: Sage Publications. Cruz, Marcelo G. (2002). Modeling, Measuring and Hedging Operational Risk. New York, NY: John Wiley & Sons, Inc. Dain, Steven. (2002). Normal Accidents: Human Error and Medical Equipment Design. The Heart Surgery Forum, 5(3), 254-257. deKieffer, Donald. (2006a). Potential Liability for Counterfeit Medications. Journal of Pharmacy Practice, 19(4). deKieffer, Donald. (2006b). Trojan drugs: counterfeit and mislabeled pharmaceuticals in the legitimate market. American Journal of Law and Medicine, 32(2-3), 325-349. Department of Homeland Security. (2007). Agriculture and Food Critical Infiastructure and Key Resources Sector-Specific Plan, as input to the National Infrastructure Protection Plan. DHS, Department of Homeland Security. (2007). Strategy to Enhance International Supply Chain Security [Electronic Version]. Department of Homeland Security, DHS/ HSDL fi'om http://www.dhs.gov/xlibrary/assets/plcy— internationalsupplychainsecuritystrategypdf Dietrich, Ed, Puskar, Erik, Grace, Andy, Allen, Mary Ann, & Schmitt, George. (2006). Considering RFID for Use in the Fight Against Counterfeiting: Coalition Against Counterfeiting and Piracy (CACP), U.S. Chamber of Commerce. DiLonardo, Robert L., & Clarke, Ronald V. (1996). Reducing The Rewards Of Shoplifting: An Evaluation Of Ink Tags. Security Journal, 7(1), 11. Duffie, Darrell, & Pan, Jun. (1997). An Overview of Value at Risk. Journal of Derivatives, 4(3). Eban, Katherine. (2005). Dangerous Doses: How Counterfeiters are Contaminating America's Drug Supply (lst ed.). NY, NY: Harcourt, Inc. Eisenreich, Giinther, & Sube, Ralf. (1982). Dictionary of mathematics (V 01. 1). New York: Elsevier North Holland, Elsevier Scientific Pub. Co. 169 Elsworth, J eff. (2007). Guest Lecture, VM821 Food Protection and Defense, Michigan State University, National Food Safety & Toxicology Center, 9/15/2007. Ericson, Richard V. (2006). Ten Uncertainties of Risk-Management Approaches to Security. Canadian Journal of Criminology and Criminal Justice, 48(3), 345. Etherton, John. (2007). Industrial Machine Systems Risk Assessment: A Critical Review of Concepts and Methods. Risk Analysis, 27(1), 71-82. Etherton, John, Main, Bruce, Cloutier, Dennis, & Christensen, Wayne. (2008). Reducing Risk on Machinery: A Field Evaluation Pilot Study of Risk Assessment. Risk Analysis, 28(3), 711-721. European Commission. (2005). Customs: Commission and Member States step up action against counterfeiting and piracy, PRESS RELEASE [Electronic Version]. European Commission (EC), Reference: IP/05/14 7, Brussels. Retrieved February 17, 2007 fi'om . European Commission. (2006). Summary of Communicy Customs Activities on Counterfeit and Piracy, Results at the European Border - 2006 [Electronic Version]. European Commission - Taxation and Customs Union (EC/TCU) fi'om http://ec.europa.eu/taxation_customs/resources/documents/customs/customs_cont rols/counterfeit_piracy/statistics/counterf_comm_2006_en.pdf. European Commission. (2007). Counterfeit and Piracy [Electronic Version]. European Commission - Taxation and Customs Union (EC/TCU) fiom http://ec.europa.eu/taxation_customs/customs/customs_controls/counterfeit_pirac y/combating/index_en.htm. European Union. (2003). Council Regulation (EC) No 1383/2003. Ofi‘icial Journal of the European Union, 46(L 196), 7-11. FDA, Food and Drug Administration. (1999). Workshop on International Outreach and Training on Good Agricultural and Good Manufacturing Practices for Fresh Produce, Notice of Meeting. Retrieved. fiom . FDA, Food and Drug Administration. (2002). A Safe Food Supply [Electronic Version]. Performance Plan and Summary U. S. Food and Drug Administration from http://www.fda.gov/ope/fy02plan/food.html. FDA, Food and Drug Administration. (2003). Counterfeit Drug Task Force Interim Report [Electronic Version] from http://www.fda.gov/oc/initiatives/counterfeit/report/interim_report.html. 170 FDA, Food and Drug Administration. (2004). Combating Counterfeit Drugs [Electronic Version]. U.S. Food and Drug Administration. Retrieved February 2004 from . FDA, Food and Drug Administration. (2006a). FDA Counterfeit Drug Task Force Report: 2006 Update [Electronic Version]. Retrieved June 8, 2006 from http://www.fda.gov/oc/initiatives/counterfeit/report6_06.htrrrl. FDA, Food and Drug Administration. (2006b). Prescription Drug Marketing Act Pedigree Requirements; Effective Date and Compliance Policy Guide; Request for Comment. Retrieved. from . FDA, Food and Drug Administration. (2007a). Counterfeit Drugs Questions and Answers. Retrieved February 5, 2008, from http://www.fda.gov/oc/initiatives/counterfeit/qa.html FDA, Food and Drug Administration. (2007b). FDA Publishes Counterfeit Toothpaste, Firm Press Release [Electronic Version]. Retrieved February 5, 2008 from . Federal Bureau of Investigation. (2006). Criminal Investigation Handbook for Agroterrorism. Felson, Marcus. (1998). Crime and everyday life / Marcus F elson. (2nd ed. ed.): Thousand Oaks, Calif. : Pine Forge Press, c1998. Felson, Marcus, & Clarke, Ronald V. (1997). Business and Crime Prevention. New York, NY: Criminal Justice Press. . Feys, Robert, & Fitch, Frederic B. (1969). Dictionary of symbols of mathematical logic (Vol. xiii). Amsterdam: North-Holland Pub. Co. Fitzmaurice, G. (2002a). Measurement error and reliability. Nutrition, 18(1), 112-114. Fitzmaurice, G. (2002b). Statistical methods for assessing agreement. Nutrition, 18(7-8), 694-696. Fleiss, J .L. (1971). Measuring nominal scale agreement among many raters. Psychological Bulletin, 76(5), 378-382. Fleiss, J.L., & Cohen, J. (1973). The equivalence of weighted kappa and the intraclass correlation coefficient as measures of reliability. Educational and Psychological Measurement, 33(2), 613-619. Food and Agriculture Organization of the United Nations. (2002). Good Agricultural Practices (GAPS) [Electronic Version], June. Retrieved March 21, 2008 fiom http://www.fao.org/wssd/sard/documents/faogapen.doc. 171 Fotis, Nick, & Bix, Laura. (2006). Sample Size Selection Using a Margin of Error Approach [Electronic Version]. Medical Device & Diagnostic Industry (MDDI), COVER STORY, 80. Retrieved 11/5/2008 from . Fourtou, J can-Rene. (2006, November 26). Opening Speech. Paper presented at the BASCAP (Business Action to Stop Counterfeiting and Piracy) meeting, Paris. F SIS/U SDA, Food Safety and Inspection Service. (1998). Salmonella Enteritidis Risk Assessment [Electronic Version]. U. S. Department of Agriculture (USDA), Food Safety and Inspection Service (FSIS) from . FSIS/USDA, Food Safety and Inspection Service. (2003a). Listeria Monocytogenes Resources and Risk Assessment [Electronic Version] fi'om FSIS/USDA, Food Safety and Inspection Service. (2003b). Risk Analysis, FSIS/ USDA, Backgrounders/ Key Facts [Electronic Version], June 16, 2007. Retrieved July 2003, from . FSIS/USDA, Food Safety and Inspection Service. (2005, March 2005 ). BSE Resources and Risk Assessment U. S. Department of Agriculture (USDA), Food Safety and Inspection Service (F SIS), fi'om http://www.fsis.usda.gov/Fact_Sheets/Bovine_Spongiform_Encephalopathy_Mad _Cow_Disease/index.asp Gerardi, Kristopher, Lehnert, Andreas, Sherlund, Shane, & Willen, Paul. (2008). Making Sense of the Subprime Crisis [Electronic Version]. Brookings Papers on Economic Activity. Retrieved September 11, 2008 fi'om http://www.brookings.edu/economics/bpea/~/media/Files/Programs/ES/BPEA/20 08_fall_bpea_papers/2008_fall_bpea_gerardi_sherlund_lehnert_willen.pdf. Global Business Leaders Alliance Against Counterfeiting. (2003). Product Counterfeiting Overview. Global Counterfeiting, Background Document, Global Business Leaders Alliance Against Counterfeiting (GBLAA C). GlobalOptions Incorporated. (2003). An Analysis of Terrorist Threats to the American Medicine Supply. Gaithersburg, Maryland: Signature Book Printing, GlobalOptions Inc. Goldstein, Herman (1979). Improving Policing: A Problem-Oriented Approach. Crime & Delinquency, 25(2), 236-258. Graver, PA. (2001). Process Hazard Analysis - Failure Mode Effects Analysis (FMEA) [Electronic Version]. FMEA Information Center. Retrieved Rev. 1, 01/15/01 from http://www.frneainfocentre.com/examples/shortintroexample.pdf. 172 Green, Robert T., & Smith, Tasman. (2002). Executive Insights: Countering Brand Counterfeiters. Journal of International Marketing, 10(4), 89-106 Greenberg, Eric F. (2003, October 2003). Packaging, drug safety, terror and Counterfeits. Packaging Digest, 40, 46(41). Grocery Manufacturer's Association. (2007). Part I: Counterfeit consumer goods. GMA Smartbrief Special Report. Groupement International de la Repartition Pharrnaceutique. (2006). Advancing the Single Market for Medicines. (GIRP)(European Association of Pharmaceutical Full-Line Wholesalers). Gwet, K. (2001). Handbook of inter-rater reliability: how to estimate the level of agreement between two or multiple raters: Gaithersburg, MD: Stataxis. Hallerbach, Winfried G., & Menkveld, Albert J. (2004). Analysing Perceived Downside Risk: the Component Value-at-Risk Framework. European Financial Management, 10(4). Hammerbeck, Pauline. (2008). Protect and Deter. Brand Packaging Magazine, 12(5), 6(5). Hassenzahl, David M. (2006). Implications of Excessive Precision for Risk Comparisons: Lessons from the Past Four Decades. Risk Analysis, 26(1), 265-276. Hazewinkel, M. (1988). Encyclopaedia of Mathematics: an Updated and Annotated Translation of the Soviet "Mathematical Encyclopaedia ". Boston Dordrecht. Hopkins, David M., Kontnik, Lewis T., & Tumage, Mark T. (2003). Counterfeiting Exposed: How to Protect Your Brand and Market Share Hoboken, New Jersey: John Wiley & Sons. Howick, Susan, Eden, Colin, Ackermann, Fran, & Williams, Terry. (2008). Building confidence in models for multiple audiences: The modelling cascade. European Journal of Operational Research, 186(3), 1068-1083. Imitating property is theft - Counterfeiting. (2003). The Economist, 36 7(8324), 70. International Conference on Harmonization. (2005). Quality Risk Management - Q9. Retrieved. from http://www.pmda.go.jp/ich/q/q9_06_9_1e.pdf. INTERPOL. (2007). Intellectual Property Crimes: Trademark Counterfeiting & Copyright Piracy. Interpol Intellectual Property Crimes Action Group (IIPCA G). ISO, International Organization for Standardization. (2002). New ISO and IEC guide to risk management terminology Press Release(Ref.: 833 ). 173 ISO, International Organization for Standardization. (2007a). Committee Draft of ISO 31000 “Risk management - Guidelines on principles and implementation of risk management” ISO, International Organization for Standardization. (2007b). Committee Draft of ISO/IEC Guide 73 “Risk management - Vocabulary”. ISO, International Organization for Standardization. (2008a). ISO/DIS 31000, Risk management -- Principles and guidelines on implementation. ISO, International Organization for Standardization. (2008b). ISO/DIS/IEC 31010 Ed. 1.0: Committee Review Document, Risk Management - Risk Assessment Techniques. Ivanova, Kate. (2007). Corruption, illegal trade and compliance with the Montreal Protocol. Environmental and Resource Economics, 38(4), 475-496. Jablonowski, Mark. (1994). Words or numbers? Risk Management, 41 (12), 47. J ablonowski, Mark. (1996). Using probabilistic risk analysis to improve risk management. Risk Management, 43(3), 23. J ablonowski, Mark. (2005). Do Catastrophe Models Mislead? Risk Management, 52(7), 32. Jain, Vineet Kumar, & Davidson, Rachel Ann. (2007). Application of a Regional Hurricane Wind Risk Forecasting Model for Wood-Frame Houses. Risk Analysis, 27(1), 45-58. J ohanning, Henrik, & Dahlgaard, Asger. (2007). Does quality risk management have value? Pharmaceutical Technology Europe, 19(12), 12. J otcharn, Richard B. (2005). Authentication, Antitarnper, and Track-and-Trace Technology Options To Protect Foods. Journal of Food Protection, International Association for Food Protection, 68(6), 1314-1217(13 14). Kallman, James. (2007). Identifying Risk. Risk Management Magazine, 54(9), 58(52). Kaplan, Stan. (1997). The Words of Risk Analysis. Risk Analysis, 1 7(4), 407-417. Kara-Zaitri, C., Keller, A.Z., Barody, I., & Fleming, P.V. (1991). An improved FMEA methodology. Paper presented at the Reliability and Maintainability Symposium. fiom . Karush, William, & Tarcov, Oscar. (1989). The Crescent Dictionary of Mathematics. New York: Macmillan. 174 Kelly, Robert. (2005). Illicit T rafi‘icking: A Reference Handbook. Santa Barbara, California: ABC-CLIO. Kemshall, Hazel. . (2003). Understanding Risk in Criminal Justice: Buckingham : Open University Press. Kennedy, Jim. (2005). Defining a Successful Global Brand Protection Strategy. PIRA, Innovations in Security Technology Conference. Kiviat, Barbara. (2008). Reassessing Risk. Time, I 72(20), GB.1. Kmenta, Steven, & Ishii, Kosuke. (2000). Scenario-Based FMEA: A Life Cycle Cost Perspective Paper presented at the 2000 ASME Design Engineering Technical Conferences. fi'om . Kontnik, Lewis. (2004). Pharmaceutical Counterfeiting: Preventing the Perfect Crime [Electronic Version]. FFF Enterprises Incorporated, 2008 fi'om . Kontnik, Lewis T. (2006). Manufacturer and Industry Responses to the Counterfeiting Challenge. Journal of Pharmacy Practice, 19(3), 140-145. Kosal, Margaret E. (2006). Terrorism Targeting Industrial Chemical Facilities: Strategic Motivations and the Implications for U.S. Security. Studies in Conflict and Terrorism, 29(7), 719. Krofi, Steve. (2004). Boosting For Billions [Electronic Version]. 60 Minutes, 2004. Retrieved March 1, 2007 from . Lam, James. (2003). Enterprise Risk Management: From Incentives to Controls. New York, NY: John Wiley & Sons, Inc. Langford, Ian H. (2002). An Existential Approach to Risk Perception. Risk Analysis, 22(1), 101-120. Leahy, Patrick. (2008). Statement Of Senator Patrick Leahy (D-Vt.), Chairman, Senate Judiciary Committee, On The Enforcement Of Intellectual Property Rights Act Of 2008. United States Sentate. Lee, Charles R., & Shimpi, Prakash. (2005). The Chief Risk Officer: What Does It Look Like and How Do You Get There? Risk Management, 52(9), 34. Liang, B. A. (2006). Fade to black: Importation and counterfeit drugs. American Journal of Law & Medicine, 32(2-3), 279-323. Lipscomb, Brad, & Lewis, Austin. (2004). The Principles of Six Sigma: Building a Quality Claims Management Program. Risk Management, 51(2), 30. 175 Los Angeles County Development Corporation. (2007). A False Bargain: The Los Angeles County Economic Consequences of Counterfeit Products [Final Draft]. Los Angeles, CA. Lukasik, Dave. (2008). Motorola, Motorola Inc. Brand Protection. Paper presented at the Product Authentication and Brand Protection (PABSO8). from Hardcopy. Martin, Andy. (2007). Industry consults on new regulations. Pharmaceutical Technology Europe, 19(1), 18. Marvel, Janet. (2008). Throw the Bums Out! Tips on Fighting Counterfeiting in Court and Online. Paper presented at the Product Authentication and Brand Security (PABSOS). from Hardcopy. Marvin, H. J. P., Kleter, G. A., Frewer, L. 1., Cope, S., Wentholt, M. T. A., & Rowe, G. (2009). A working procedure for identifying emerging food safety issues at an early stage: Implications for European and international risk management practices. Food Control, 20(4), 345-356. McNeely, Susan. (2007). Selecting Brand-Security Technology Suppliers. Packaging Digest, 44(3), 39. McNeely, Susan. (2008). Protecting Health Care Products - Lessons Learned with Eli Lilly. Paper presented at the Product Authentication and Brand Security Conference (PABSOS). fi'om Hardcopy. Merriam-Webster. (2004). The Merriam-Webster Dictionary -- New Edition. Mil-Std-882D. (2000). MIL-STD-882D, 10 February 2000, SUPERSEDING MIL-STD- 882C, 19 January 1993, DEPARTMENT OF DEFENSE, STANDARD PRACTICE FOR SYSTEM SAFETY, AMSC N/A AREA SAFT, . Millar, James A., & Yeager, Fred C. (2007). Issues in fighting financial crime. Economic Aflairs, 2 7(1), 39. Mitchell, Mark L. (1989). The Impact of External Parties on Brand-Name Capital: The 1982 Tylenol Poisonings and Subsequent Cases. Economic Inquiry, 27(4), 601. Moorman, Marc. (2007). Industry Perspective on Food Safety (Zurich Hazard Analysis). Paper presented at the NFSTC, VM810 Seminar. Morris, Julian, & Stevens, Philip. (2006). Counterfeit medicines in less developed countries: Problems and solutions. London: International Policy Network. Murphy, Niall. (2006). REGULATORY OUTLOOK, Understanding Usability Standards for Medical Devices [Electronic Version]. Medical Device & Diagnostic Industry 176 (MDDI), 74. Retrieved 11/5/2008 from . Nader, Jihad S. (2002). The Manager's Concise Guide to Risk. Hoboken, NJ: John Wiley & Sons, Inc. Naim, Moises. (2005). Illicit: How Smugglers, T raflickers, and Copycats are Hijacking the Global Economy. NY, NY: Doubleday. Nakayachi, Kazuya. (1998). How Do People Evaluate Risk Reduction When They Are Told Zero Risk Is Impossible? Risk Analysis, 18(3), 235-242. National Research Council. (1996). Understanding Risk: Informing Decisions in a Democratic Society. National Research Council (NRC), Washington, DC: National Academy Press. National Retail Federation. (2006). NRF: ORGANIZED RETAIL CRIME RAMPANT. Women's Wear Daily (WWD), National Retail Federation (NRF), 191(123), 17. New York City Comptroller's Office. (2004). Bootleg Billions: The Impact of the Counterfeit Goods Trade on New York City, NYC Comptroller's Office, November 2004. O'Kane, Gerry, & Gopalkrishnan, Shanker. (2005). The Future of Anti-Counterfeiting, Brand Protection and Security Packaging III. Leatherhead, Surrey, UK: Pira International Ltd. (PIRA). Occupational Safety & Health Administration. (1995, 07/26/1995 ). OSHA's approval of the Zurich Hazard Analysis, as an appropriate method for conducting the process hazard analysis which is required by 1910.119, Standard Interpretations. U.S. Department of Labor, Occupational Safety & Health Administration (OSHA) Retrieved June 16 2006, from http://osha.gov/pls/oshaweb/owadisp.show_document?p_table=INTERPRETATI ONS&p_id=21 867 OECD, Organization for Economic Co-Operation and Development. (2007a). The Economic Impact of Counterfeiting and Piracy, Executive Summary [Draft September 2007] . OECD, Organization for Economic Co-Operation and Development. (2007b). The Economic Impact of Counterfeiting and Piracy, Executive Summary, [Draft June 2007] . OECD, Organization for Economic Co-Operation and Development. (2007c). The Economic Impact of Counterfeiting and Piracy, Part I: Overall Assessment [Draft]. 177 OECD, Organization for Economic Co-Operation and Development. (2007d). The Economic Impact of Counterfeiting and Piracy, Part II: Efforts to Combat Counterfeiting and Piracy [DRAFT September 2007] [Electronic Version]. Organization for Economic Co-Operation and Development (OECD). Retrieved November 22, 2007. OECD, Organization for Economic Co-Operation and Development. (2007c). The Economic Impact of Counterfeiting and Piracy, Part 111: Industry Sectors [DRAFT September 2007] . Office of Management and Budget. (2006). Proposed Risk Assessment Bulletin. fi'om http://www.whitehouse.gov/omb/inforeg/proposed_risk_assessment_bulletin_010 906.pdf. Onodera, K. (1997). Eflective techniques of FMEA at each life—cycle stage. Paper presented at the Reliability and Maintainability Symposium. from http://ieeexplore.ieee.org/xpl/RecentCon.jsp?punumber=4288>. Paradise, Paul R. (1999). Trademark counterfeiting, product piracy, and the billion dollar threat to the U.S. economy. Westport, Conn.: Quorum Books. Parloff, R. (2006, May 1). Not exactly counterfeit. Fortune, 153, 108. Patterson, Jacqueline, Meek, M. E., Strawson, Joan E., & Liteplo, Robert G. (2007). Engaging Expert Peers in the Development of Risk Assessments. Risk Analysis, 27(6), 1609-1621. Phillips, Anthony. (2008). Emerging Risk Analysis. Paper presented at the ASIS - Lansing Chapter. Phillips, Tim. (2005). Knockofl? the deadly trade in counterfeit goods : the true story of the world ’s fastest growing crime wave. London: Kogan Page. Pierce, Lisa McTigue. (2004). Building a solid GlaxoSmithKline: multiple mergers have made GSK a master at controlling change, from its operations to country-specific labeling. Food & Drug Packaging, 68(12), 22(28). Pittinger, Charles A., Brennan, Thomas H., Badger, Drew A., Hakkinen, P. J., & Fehrenbacher, M. Catherine. (2003). Aligning Chemical Assessment Tools Across the Hazard-Risk Continuum. Risk Analysis, 23(3), 529-535. Popping, Bert. (2002). The application of biotechnological methods in authenticity testing. Journal of Biotechnology, 98(1), 107-112. Prahl, Dennis S. (2007). Exhausted and Gray, but Still Going Strong: A Comparative View of Parallel Imports fi'om the Trademark Perspective, 11. Preventing parallel imports under trademark law. Retrieved October 12, 2007, fi'om 178 PriceWaterhouseCooper. (2007). Economic Crime: People, Culture and Controls [Electronic Version]. The 4th biennial Global Economic Crime Survey Investigations and Forensic Services, Price WaterhouseCooper (PWC) from http://www.pwc.conr/extweb/pwcpublications.nsf/docid/1 E0890149345149E8525 73 7000705AF 1 /$fi1e/PwC_2007GECS.pdf. Quaranta, Anna Grazia, & Zaffaroni, Alberto. (2008). Robust optimization of conditional value at risk and portfolio selection. Journal of Banking & Finance, 32(10). Rudolf, Paul M., & Bernstein, Ilisa B.G. (2004). Counterfeit Drugs. New England Journal of Medicine, Volume 350:1384-1386, Number 14. Rudolph, Harvey. (2003). REGULATORY OUTLOOK, Do We Need Medical Device Risk Management Certification? [Electronic Version]. Medical Device & Diagnostic Industry (MDDI). Retrieved 11/5/2008 fi'om . Schmidt, Mike W. (2004). Regulatory Outlook, The Use and Misuse of FMEA in Risk Analysis [Electronic Version]. Medical Device & Diagnostic Industry (MDDI). Retrieved 11/5/2008 fi'om . Schwarz, Brian, & Wong, Vanessa. (2006). Counterfeit CURES [Electronic Version]. INSIGHT, Center for Medicine in the Public Interest (CMPI). Retrieved OCTOBER 2006 from http://cmpi.org/PDFs/conference_transcripts_reports/Counterfeit_Cures_A_Repor t_From_the_American_Chamber_of_Commerce_in_Shanghai.pdf. Shepherd, Richard, Barker, Gary, French, Simon, Hart, Andy, Maule, John, & Cassidy, Angela (2006). Managing Food Chain Risks: Integrating Technical and 179 Stakeholder Perspectives on Uncertainty. Journal of Agricultural Economics, 57(2), 313-327. Sim, J ., & Wright, C. C. (2005). The Kappa Statistic in Reliability Studies: Use, Interpretation, and Sample Size Requirements. Physical Therapy, 85, 257-268. Smith, Barbara-Helene. (2004). Regulatory Outlook, Developing a Comprehensive Quality System [Electronic Version]. Medical Device & Diagnostic Industry (MDDI). Retrieved 11/5/2008 fi'om . Smith, Michelle A. (1999). FDA ’s Good Agricultural Practices. Paper presented at the Apple Cider Food Safety Workshop. from http://www.cfsan.fda.gov/~comm/cidwsmi2.htrnl. Society of Automotive Engineers (SAE). (2002). Potential Failure Mode and Effects Analysis in Design (Design FMEA) and Potential Failure Mode and Effects Analysis in Manufacturing and assembly Processes (Process F MEA). Reference Manual, Document Number: SAE J I 739. Sodipo, Bankole. (1997). Piracy and counterfeiting : GA TT, TRIPS and developing countries. London: Kluwer Law International. Spink, John. (2008). Meeting Notes - Imported Foods Vulnerability Project Kick-Ofl Conference Call. East Lansing, Michigan: Michigan State University. Spitzer, Robert L, & Fleiss, Joseph L. (1974). A Re-analysis of the Reliability of Psychiatric Diagnosis. The British Journal of Psychiatry, 125, 341-347. Stamatelatos, Michael. (2000). Probabilistic Risk Assessment: What Is It And Why Is It Worth Performing It? Safety & Mission Assurance News - Mission Success Starts With Safety, NASA(April 2000). Standards New Zeeland. (2008). Release of Draft International Standard (DIS) for public comment: ISO 31000 DIS - First draft international Standard on Risk Management. Studler, Nicholas. (2008). Brand and IP Protection at The Coca-Cola Company. Paper presented at the Product Authentication and Brand Strategy (PABSO8). fi'om Hardcopy. Supreme Court of the State of Florida. (2003). IN THE SUPREME COURT OF THE STATE OF FLORIDA, Case No: SC02-2645, FIRST INTERIM REPORT, OF THE SEVENTEENTH STATEWIDE GRAND JURY, Case No: SC02-2645, First Interim Report of the Seventeenth Statewide Grand Jury, Dec. 19, 2003. Taylor, Charles. (2006). The RMA operational risk management framework. The RMA Journal (Risk Management Association), 4(4). 180 Tibiletti, Luisa. (2008). Value-at-risk: is lacking in sub-additivity just an annoying technicality? International Journal of Risk Assessment and Management, 9(1/2). Tilden, John. (2007). Personal Communication. In J. Spink (Ed.). East Lansing, Michigan. Todd, Ewen. (2008). Discussion of Counterfeit Risk Model. In J. Spink (Ed.). East Lansing, Michigan: John Spink. Town, Stephen. (2001). Crime displacement: the perception, problems, evidence and supporting theory, Bradford District Architectural Liaison Oflice (UK). Tritter, Donna L. (1989). EEC's Attempts to Stop the Importation of Counterfeit Goods, The 12 B. C. Int'l & Comp. L. Rev, 423 Union des F abricants (on INTERPOL.int). (2004). Counterfeiting & Organized Crime Report, . Union des Fabricants, 16, rue de la F aisanderie, 75116 Paris,: Union des F abricants. United Nations Development Programme. (1999). Human Development Report I 999. New York Oxford, Oxford University Press: United Nations Development Programme (UNDP). United Nations International Narcotics Control Board. (2006). International Narcotics Control Board Report: International Narcotics Control Board, United Nations (UN/ NCB). United States Department of Justice. (2006). Prosecuting Intellectual Property Crime [Electronic Version]. CCIPS, Criminal Division, 2007. Retrieved September 2006 from USDOJ.gov, . US Department of Agriculture. (2005). Frequently Asked Questions, Revised [Electronic Version]. Strategic Partnership Program Agroterrorism (SPPA) from . US Department of Commerce. (2007). Intellectual Property, What is It? Retrieved February 5, 2007, from www.stopfakes.gov/sf_what.asp US Department of State. (2006, January). Glossary of Intellectual Property Terms. Retrieved December 15, 2007, fi'om US Forest Service. (2006). Fire Danger Rating. WFAS, the Wildland Fire Assessment System, USDA/US Forest Service Retrieved June 20, 2006, from http://www.wfas.us/content/view/17/32/ Van Der Fels-Klerx, Ine H. J ., Goossens, Louis H. J., Saatkamp, Helmut W., & Horst, Suzan H. S. (2002). Elicitation of Quantitative Data fiom a Heterogeneous Expert Panel: Formal Process and Application in Animal Health. Risk Analysis, 22(1), 67-81. van Schendel, Willem, & Abraham, Itty. (2005). Illicit Flows and Criminal Things: States, Borders, and the Other Side of Globalization. Bloomington, IN.: Indiana University. Vladychenko, Alexander. (2006). Can the Council of Europe Support Actively the Setting-up of Ejfective International Collaboration against Counterfeit Medicines? Paper presented at the International Conference “ Combating Counterfeit Drugs : Building Effective International Collaboration. fiom http://mednet3.who.int/cfi/PRESENTATIONS/CouncilofEurope.ppt Waite, Nick. (2004). The future of anti-counterfeiting, brand protection and security packaging in Central and Eastern Europe. Leatherhead, Surrey, UK: Pira International Ltd (PIRA). Wallerstein, Mitchel B., Mogee, Mary Ellen, & Schoen, Roberta A. (Eds.). (1993). Global dimensions of intellectual property rights in science and technology. Washington, DC: National Academy Press. Wang, J ingguo, Chaudhury, Aby, & H Raghav Rao. (2008). A Value-at-Risk Approach to Information Security Investment, Information Systems Research. 19(1). 182 Wechsler, Jill. (2007). Industry, Regulators Move to Adopt Quality Standards. Pharmaceutical Technology 31(2), 30. Weisstein, Eric. (2003). CRC concise encyclopedia of mathematics (2nd ed.). Boca Raton: Chapman & Hall/CRC. WHO, World Health Organization. (2000). Counterfeit Drugs: Cottage Industry or Organized Crime? Press Release. WHO, World Health Organization. (2003). Assuring Food Safety and Quality: Guidelines for Strengthening National Food Control Systems World Health Organization WHO, World Health Organization. (2004). Codex Alimentarius Commission, PROCEDURAL MANUAL: World Health Organization WHO, World Health Organization. (2006). The Safety of Medicines in Public Health i Programmes: Pharmacovigilance an essential tool: World Health Organization. ' WHO, World Health Organization. (2007a). Counterfeit medicines. Retrieved March 1, 2007, 2007, from http://www.wpro.who.int/health_topics/counterfeit_medicines/ WHO, World Health Organization. (2007b). General information on counterfeit medicines World Health Organization. Willis, Henry H., & LaTourrette, Tom. (2008). Using Probabilistic Terrorism Risk Modeling for Regulatory Benefit-Cost Analysis: Applications to the Western Hemisphere Travel Initaitive in the Land Environment. Risk Analysis, 28(2), 25. Withington, Neil. (2005). Second Global Congress on Combating Counterfeiting and Piracy: Getting it right in the fight against fakes (Vol. Speech by: Director, Legal & Security and General Counsel British American Tobacco). World Customs Organization. (2003). Risk Management Guide. World Customs Organization. (2005). Guidelines on controlling Free Zones in relation to Intellectual Property Rights infringements. World Customs Organization. (2006). The first review: Customs and Counterfeiting 2004, Press Release, [Electronic Version]. World Customs Organization (WCO), 2007. Retrieved August 18, 2008 from . World Customs Organization. (2007a). Counterfeiting and Piracy - Crime of the 21 st century? WCO NEWS, World Customs Organization (WCO)(54). World Customs Organization. (2007b). Review of the Fight against Counterfeiting in 2006. Brussels, Belgium: World Customs Organization. 183 World Customs Organization. (2007c). SAFE - Framework of Standards: World Customs Organization. World Intellectual Property Organization. (2008). Are there internationally accepted definitions of counterfeiting and piracy? Frequently Asked Questions Retrieved November 18, 2008, from http://www.wipo.int/enforcement/en/faq/counterfeiting/faq01 .htrnl, World Trade Organization. (1994). Agreement on Trade Related Aspects of Intellectual Property Rights, Including Trade in Counterfeit Goods. Retrieved May 4, 2007, fiom http://www.wto.org/english/docs_e/legal_e/27-trips_05_e.htm Xin, Hao, & Stone, Richard. (2008). TAINTED MILK SCANDAL: Chinese Probe Unmasks High-Tech Adulteration With Melamine. Science, 322(5906), 1310- 1 3 l 1 . Xuemei, Bian, & Cleopatra, Veloutsou. (2007). Consumers' attitudes regarding non- deceptive counterfeit brands in the UK and China. Journal of Brand Management, 14(3), 211. Yankus, Wyatt. (2006). Counterfeit Drugs: Coming to a Pharmacy Near You [Electronic Version]. The American Council on Science and Health (A CSI-D. Retrieved August 2006 from . Yar, Majid. (2005). A Deadly Faith in Fakes: Trademark Theft and the Global Trade in Counterfeit Automotive Components [Electronic Version]. Journal of Criminology from www.intemetjoumalofcriminology.com. Yeung, Godfiey, & Mok, Vincent. (2006). Regional monopoly and interregional and intraregional competition: the parallel trade in Coca-Cola between Shanghai and Hangzhou in China. Economic Geography, 82(1), 89. Zaichkowsky, Judith Lynn. (2006). The psychology behind trademark infiingement and counterfeiting. Mahwah, N.J.: Lawrence Erlbaum. Zambrano, Lyda, Sublette, Kerry, Duncan, Kathleen, & Thoma, Greg. (2007). Probabilistic Reliability Modeling for Oil Exploration & Production (E&P) Facilities in the Tallgrass Prairie Preserve [Electronic Version]. Risk Analysis, 27, 1323-1333. Retrieved October 2, 2008. 184