How do regulated air cargo agents remain vigilant against the constantly evolving menace to New Zealand’s aviation industry?

Since their introduction in 2009, RACAs have played a crucial role in ensuring that cargo loaded into international passenger aircraft is secure, properly documented, and doesn’t contain any prohibited or dangerous items.

The CAA’s lead analyst of security threats, Marcus Linnell, says the constantly changing security landscape means those in the sector can never say ‘job done’.

“We can never be complacent about the security measures protecting passenger aircraft.

“New Zealand’s threat level has ranged from very low to high at different times in the 16 years since the RACA was born. But even at times when the threat level is low, we don’t have the luxury of considering only our own specific context – we’re obliged to help protect international civil aviation as well.”

To become a RACA, freight forwarders must demonstrate to the CAA that they have strong security controls and processes at their facilities.

They also need to demonstrate they can keep freight secure at all times, ensuring all cargo handled en route to an international passenger aircraft remains secure.

But, after certification, how do RACAs keep their staff vigilant and proactive day-by-day to make sure that happens?

The arrival of the RACA was a direct response to the increasing sophistication of global threats, including the risk of improvised explosive devices being concealed in cargo shipments.

In the years since, the threat environment has shifted dramatically. New risks – from cyber attacks to geopolitical instability – have made aviation one of the most targeted sectors in the world.

Yet, despite increasing automation, digitalisation, and complex regulatory frameworks, the most important layer of protection continues to be people.

That’s why today’s air cargo security isn’t just about rules and systems. It’s also about creating a culture, a mindset shared across every level of an organisation, prioritising vigilance, integrity, and shared accountability.

From compliance to culture

Regulations provide the foundation, but it’s ‘culture’ keeping systems resilient. As the security landscape evolves, RACAs must shift from a procedural mindset to one rooted in continuous awareness and responsibility.

“A robust security culture is one where every individual, from those handling cargo on the floor to senior managers, understand the ‘why’ behind security measures,” says CAA’s head of security certification and monitoring David Willing.

The CEO of the Customs Brokers and Freight Forwarders Federation (CBAFF), Sherelle Kennelly, agrees.

“It’s not enough to tick boxes,” she says. “A strong security culture means every team member recognises what’s at stake and actively contributes to keeping cargo, passengers – and everyone on the ground – safe.”

That cultural shift is reflected in the operational strategies of freight forwarders like Jenners Worldwide Freight. CEO Katrina Jenner says to keep it simple.

“As a RACA, our security procedures are designed to be accessible for our staff. We follow a simplified process using visual workflows and clear, consistent language.

“If freight is received in a way that isn’t expected, such as ‘tamper-evident’¹ being received as different, our team identifies it immediately.”

These day-to-day practices, though seemingly basic, make a measurable difference. They reduce the likelihood of mistakes, empower staff to act with confidence, and ultimately contribute to a more secure international supply chain.

“Compliance should be embedded in day-to-day operations, not treated as a one-off exercise for audit time,” says David Willing.

“When the right processes are followed consistently – every shipment, every customer interaction – it builds a culture where compliance becomes second nature. This approach not only reduces risk but also strengthens operational efficiency and trust.

“Preparing for an audit shouldn’t require a scramble, it should simply reflect how your business operates every day.”

Tackling insider risk

“While external threats often draw the most attention, the risk of an insider, someone within the organisation who could compromise security, is real and growing,” says David.

“It doesn’t always mean malicious intent. Sometimes unintentional actions from uninformed or disengaged staff can lead to serious vulnerabilities.”

Sherelle Kennelly says changes in behaviour might mean someone’s under pressure, distracted, or being influenced by external parties.

“Leaders and supervisors must know their people well enough to notice when something isn’t right.

“Insider threats are not just a theoretical concept. They’re a known challenge internationally, and one of the most difficult to detect if an organisation lacks internal cohesion. For that reason, culture is again key.

“Freight forwarders should promote security culture as a core management responsibility. Managers are trained not just in operational compliance but in building trust with their teams. But the principle applies to larger organisations as well.”

“Even in a business with more than a hundred staff there must be accountability chains, supervisors, and team leaders who know their people’s patterns and wellbeing,” says Katrina Jenner.

Sherelle Kennelly agrees. “CBAFF actively promotes this principle as part of good operational ‘hygiene’.

“Know your people. Understand their pressures, and support them before issues arise.”

Normalising reporting

In aviation security it’s not the catastrophic event that defines resilience, it’s those everyday moments – when something small is spotted and acted on – that provide the strongest layer of protection.

Security culture thrives in environments where reporting is expected and actively encouraged.

Whether it’s a mismatched label, an unfamiliar driver, or something that ‘just feels off’, frontline staff must feel safe and supported by management to raise issues.

“Security should be treated like health and safety – it’s not just management’s job,” says Katrina Jenner.

“Our staff know they can report something – even if they themselves made the mistake – without fear of being punished.”

CBAFF says it, too, promotes this individual responsibility, which is echoed in the Health and Safety at Work Act 2015, to help RACAs embed similar thinking – ‘If you see something, say something’.

“We’ve seen time and again that the biggest breakthroughs come from the smallest observations,” Sherelle Kennelly says.

“We want staff to not only speak up, but to know they’re contributing to something larger – industry-wide safety.”

CAA’s Marcus Linnell says it’s vital that RACAs also report to the CAA when they encounter things they aren’t sure about, or that might present a risk.

“It’s key for RACAs to understand that reporting to the CAA about suspicious incidents or indicators of concern helps us to assess risks and vulnerabilities across the sector.

“Since the CAA works closely with a range of domestic and international security partners to understand threats to civil aviation, it’s vital RACAs report small issues in the sector that could help us join the dots in relation to a bigger issue.”

Sherelle Kennelly agrees. “We encourage a proactive approach where reporting minor issues helps reveal patterns and trends over time, supporting stronger engagement between RACAs, known customers², and the CAA.”

AirCertifyNZ – raising the bar

Launched in late 2024, AirCertifyNZ(external link) is CBAFF’s programme designed to bring consistency, clarity, and confidence to RACA operations. It supports members through a range of initiatives by clarifying regulatory requirements and expectations, and providing access to independent verifiers who assess known customer practices.

“Historically, each RACA might assess the same known customer independently,” says Sherelle Kennelly. “This can lead to inconsistent outcomes and duplication of effort. AirCertifyNZ introduces a single, independent review that’s accepted across all participating RACAs.”

This shared approach saves time, improves efficiency, and strengthens sector-wide standards. It ensures greater consistency across the sector because one standard is applied to all interactions with a particular known customer, and there aren’t, for instance, eight different interpretations of the same rules.

Already around 15 percent of CBAFF’s RACA members are participating in the programme, including several of the country’s largest freight forwarders. And the early results are promising improved cooperation, fewer delays, and higher confidence in the security chain.

Known customers as critical security partners

Cargo security doesn’t start at the warehouse – it starts at the door of the known customer. RACAs rely on the accuracy, integrity, and security of their known customers to prevent delays, additional screening, and potential compliance breaches.

CBAFF says that, through AirCertifyNZ, known customers are becoming more aware of what’s required to make sure the supply chain remains secure.

And RACAs like Jenners actively maintain close relationships with known customers – including conducting site visits, establishing ongoing monitoring, reviewing documentation, and building an understanding of each known customer’s ‘norm’.

“We know our customers well enough to notice when something’s different, whether it’s the packaging, the tape, or the paperwork,” says Katrina Jenner.

“That familiarity is critical. If something’s out of the ordinary, we act on it immediately. We don’t wait for a red flag, we look for the amber.”

CBAFF sees this as a key benefit of AirCertifyNZ – strengthening known customers’ education and accountability, while supporting RACAs to make smarter, faster decisions.

“We’re helping everyone in the chain lift their game,” Sherelle says. “That means fewer delays, safer processes, and better outcomes across the board.”

Lifting the industry, together

One of the programme’s most valuable contributions is how it promotes information sharing. Previously, a RACA might record a minor lapse, such as poorly sealed packaging or incorrect documentation, but not share it.

Now, through AirCertifyNZ, those observations can be logged and shared in anonymised form across the network.

“It’s those small indicators that, when aggregated, help us understand patterns,” Sherelle explains. “If five RACAs notice the same issue with a certain product line or known customer, we can take proactive steps to prevent future risks.”

This sector-wide intelligence approach also supports the CAA’s approach, and aligns with New Zealand’s international aviation obligations.

From strong to exceptional

New Zealand’s air cargo security framework is robust, but the dynamic nature of today’s global threat landscape demands more.

Sherelle Kennelly says CBAFF’s goal is to lift the sector from ‘strong’ to ‘exceptional’ by embedding security awareness into every corner of the industry.

“Air cargo security is a shared responsibility between RACAs, known customers, staff, and regulators,” she says.

“By working together through programmes like AirCertifyNZ, we’re building a more connected, consistent, and confident air cargo network.”

Katrina Jenner echoes this optimism. “We’ve seen huge improvements in recent years. What used to be frequent lapses from known customers are now rare. That’s because the culture is shifting – people understand that security isn’t someone else’s job, it’s everyone’s job.”

There’s also a clear commercial incentive. With international airlines increasingly focused on secure freight practices, RACAs demonstrating high standards can avoid additional screening, maintain preferred status, and protect New Zealand’s export reputation.

“If we don’t meet global expectations, airlines may not lift from here,” Katrina warns. “That affects our entire economy.”

Sherelle agrees. “Our RACAs’ known customers, especially those moving high-value or time-sensitive goods, depend on a seamless air cargo chain.

“We owe it to them and to every passenger flying out of New Zealand to keep improving.”

See also...

Enhancing your organisation’s security culture

 

---

Footnotes

¹ Tamper-evident seals are designed to enable the identification of any interference with cargo or its contents.

² A ‘known customer’ is an exporter which has been scrutinised and approved by the RACA. The known customer has security procedures to prevent banned or dangerous items from entering the air cargo supply chain.