(1) The Authority shall conduct customs controls including random checks.

(2) A customs control conducted under subsection (1) shall primarily be based on risk management with the objective of

(a) identifying and evaluating risks, and

(b) developing counter-measures on the basis of a risk management criteria developed and updated regularly from international, national and local level data.

(3) The Authority, in conjunction with cooperating foreign customs administrations, may carry out joint control and targeting activities based on risk management to increase effectiveness to ensure security in shipment and in combating transnational crime.

(4) Specific information regarding risk management including risk register, risk profile and other risk assessment data is confidential.

(5) The Authority may employ a consultant to assist in the development and implementation of risk management programmes as long as confidential information is protected from disclosure.