Bloomberg Law
Feb. 5, 2018, 2:01 PM UTC

Practitioner Insights: Environmental Auditing in New Regulatory Era

Tim Wilkins
Tim Wilkins
Bracewell LLP

To read the popular press in recent months, one may have the impression that recent activities of the Environmental Protection Agency under President Donald Trump have environmental law in full retreat and that the proverbial foxes are guarding the henhouse. As such, some observers might be forgiven for thinking that industry’s internal environmental compliance auditing function—commonly built, at least in part, to help companies stay one step ahead of vigorous agency enforcement efforts—has become less important with the change in administration.

Seasoned environmental professionals understand, however, that robust compliance programs remain critical. Most of the fundamentals of environmental law that have been in place for decades remain unchanged. The administration’s dramatic slowing of aggressive new environmental regulations, however, does offer important opportunities—to “stop scrambling just to keep up,” and to reflect on new ways that environmental law is being implemented and enforced. The slowing also affords an opportunity to examine how environmental auditing efforts can best be adapted to suit regulatory circumstances that have changed significantly over the past decade.

Background

An entire profession of environmental auditing arose in the 1980s and 1990s as environmental laws and regulations adopted in the previous decade reached full bloom. Conceptually, environmental auditors identify statutory, regulatory, and permit requirements applicable to facilities and evaluate how companies perform relative to those requirements. Identified gaps in compliance lead auditors to provide recommendations to the audited company or facility for corrective actions. Different companies choose to audit for varying reasons, but in general, auditing helps to verify compliance and better enables companies to avoid compliance gaps that can lead to costly enforcement actions, penalties, and injunctive relief.

The benefits of finding and fixing problems are fairly obvious. The potential costs, however, are significant. In addition to the direct costs of paying internal or external auditors for their investigatory work, audits can also prove burdensome by interrupting and distracting ongoing operations and compliance efforts. Also importantly, written reports prepared by environmental experts that list a facility’s failures to comply with legal requirements create significant legal risk.

Although audit reports are not quite a legal confession of noncompliance, they can nonetheless be a very serious source of concern. Designed in significant part to reduce a company’s environmental enforcement exposure, the compliance-related findings of an environmental audit report can—in the wrong circumstances—actually become evidence that can instead increase that risk.

Audit Privilege and Leniency Issues

State privilege and immunity laws: Beginning in roughly 1993, many states began adopting environmental audit privilege laws and policies designed to give industry greater incentives to self-police with respect to their compliance with environmental law (Susan J. Spicer, Turning Environmental Litigation on Its E.A.R.: The Effects of Recent State Initiatives Encouraging Environmental Audits, 8 VILL. ENVTL. L.J. 1, at 1 (1997)). Generally, these privilege and immunity statutes take two forms:

  1. statutes providing a limited evidentiary privilege for reports created in conjunction with environmental audits such that audit findings could not be used against companies in certain enforcement or litigation matters; and,
  2. statutes or policies granting immunity or leniency from penalties for violations discovered in an environmental audit, corrected, and voluntarily reported to authorities. (Id.) Twenty-nine states, including Texas, have adopted privilege laws, immunity laws, or both, according to the EPA, with an additional 15 states adopting nonstatutory policies covering these issues.

EPA Audit Policy: While disagreeing with audit privilege and statutory immunity concepts, the EPA nonetheless has viewed auditing as an important function, and the agency also has taken some steps at the national level to help incentivize self-policing. Since 1986, the EPA has attempted to avoid discouraging auditing by claiming that it would not “routinely seek” audit reports for use as evidence in enforcement cases. In 1995, the EPA adopted a leniency policy, developing it more fully in the agency’s April 2000 audit policy, “Incentives for Self-Policing: Discovery, Disclosure, Correction and Prevention of Violations,” which remains in effect today. The audit policy provides incentives for regulated entities to voluntarily discover, disclose, and correct violations of federal environmental laws and regulations by providing for significant penalty reductions and agreeing not to recommend criminal prosecution for qualifying audit disclosures (EPA’s Audit Policy, (last updated Jan. 17, 2017)).

Current state of play: On Dec. 9, 2015, the EPA announced an update to its audit policy by creating a centralized, web-based “eDisclosure” portal to receive and automatically handle self-disclosed civil violations of environmental law. The EPA suggests that the automated eDisclosure system will allow businesses to quickly resolve their more routine types of disclosures. The agency’s approach to disclosure and streamlined processing for a limited subset of potential violations (i.e., certain limited violations of the Emergency Planning and Community Right-to-Know Act, like Tier II reporting omissions) appears to meet this promise; however, for most categories of violations, the EPA under its new policy effectively receives and holds disclosures without performing any review or processing, leaving companies that disclose violations somewhat in regulatory limbo. Despite these changes, both environmental auditing and federal and state audit disclosure opportunities remain an important part of any compliance toolkit and a feature of environmental law that companies should carefully consider.

Changing Realities of Environmental Enforcement

In recent years, a number of new trends have emerged in EPA and state environmental enforcement that would seem to have important implications for environmental auditing efforts that are designed to help reduce enforcement risk. As part of a new enforcement regime, for example, the EPA under the previous administration established a Next Generation Compliance (“Next Gen”) initiative, which seeks to modernize the EPA’s compliance protocols by utilizing new tools and approaches while strengthening enforcement of environmental laws. Among the elements of Next Gen were the use of advanced monitoring technologies and increased electronic reporting.

In terms of advanced technologies, thermal imaging devices such as forward-looking infrared (FLIR) optical gas imaging cameras are able to visually detect emissions that can be harmful to the environment from industrial and petrochemical plants in real time. Fenceline monitoring and flyovers also represent examples of advanced technology EPA and other environmental agencies are utilizing to sharpen the teeth of their enforcement efforts. Industry is beginning to learn that the EPA will use the results of this advanced monitoring—which generally goes well above and beyond what is required in the applicable regulations and permits—to commence enforcement actions based on that monitoring, even where the tests for compliance set forth in the regulations and permits (AP-42 emission factors, for example) are being met on their face.

The EPA also has resorted to greater use of electronic reporting requirements rather than paper submissions. In addition to increased efficiency and ease of access, electronic reporting has allowed the EPA to use data mining techniques rather than the more painstaking reading of each submission to identify potential bases for enforcement actions. A recent initiative in EPA Region 6 involved the agency electronically comparing high-volume hazardous waste shipments with the self-reported waste generator status of the companies generating the wastes, readily identifying self-described “small quantity generators” who were shipping waste volumes suggesting they should have been “large quantity generators” subject to much more rigorous regulation.

More broadly, the EPA and the state agencies appear to be increasing their use of self-reported information as the basis for enforcement action, as opposed to physical site inspections. Self-reported deviations in Title V reporting, exceedances noted in discharge monitoring reports, and Comprehensive Environmental Response, Compensation, and Liability Act and Emergency Planning and Community Right-to-Know Act release reporting seem to more frequently trigger enforcement actions based almost exclusively on information provided to the agencies by the regulated entity in question. This trend has led some to characterize these practices by the EPA and other environmental regulatory authorities as “desktop enforcement,” in which enforcement actions are based almost entirely on a company’s environmental paper trail reviewed in agency offices rather than as a result of inspector boots on the ground.

A related trend is the EPA’s increased aggressiveness in propounding information requests on the regulated community. Rather than the EPA broadly investigating facts that could lead to the discovery of potential violations, the agency increasingly appears to be sending requests for industry to divulge potentially inculpatory information, in some cases even asking the request’s recipient for admissions of particular violations and the duration thereof. Again, there is an appearance that the agencies are attempting to conserve resources by having the regulated community build the enforcement case against itself and provide the supporting evidence for that case to the agency.

Finally, the EPA in recent years has greatly increased its use of the so-called “general duty clause” (GDC) in Section 112(r)(1) of the Clean Air Act, finding violations—especially in the wake of incidents or releases—based on a company’s generalized failure to prevent or minimize hazards, as opposed to finding violations of specific regulatory commands. The GDC is a performance-based authority recognizing that owners and operators have a general duty and responsibility to prevent and mitigate the consequences of chemical accidents at any facility where extremely hazardous substances are present (General Duty Clause under the Clean Air Act Section 112(r)(1), U.S. Environmental Protection Agency (updated March 9, 2017).

Given these changing realities in the agencies’ enforcement approach, we believe that industry’s approach to self-auditing needs to be adapted in order to remain effective in helping companies stay ahead of the enforcers. In today’s enforcement landscape where unauthorized emissions can be detected by a special camera instead of the mechanisms specified in one’s permit, reportable upsets become almost automatic enforcement actions. In addition, a “violation” is something that appears to not be as safe as it should in the eye of the agency beholder, and the traditional “regulation checklist” approach to auditing is no longer sufficient preparation.

Adapting Compliance, Auditing to Fit New Enforcement Climate

If federal and state agencies are approaching environmental enforcement initiation and evidence differently, and if environmental self-auditing is—at least in part—an effort to minimize enforcement risk by addressing issues of likely interest to enforcers before the enforcers have a chance to do so themselves, environmental auditors need to rethink the traditional approach to auditing.

As noted, enforcement triggers and evidence now rely significantly on advanced monitoring technologies that go beyond what permits and underlying regulations require in a number of respects: (i) desktop evaluations of electronic reporting and other periodic and event-driven reporting requirements, (ii) frequent and searching information requests to companies, and (iii) application of “general duty” concepts in addition to traditional regulatory and permit commands. If auditors are going to help their clients and employers get ahead and stay ahead of the enforcers, audits need to be targeted to these exposures in addition to the regulatory and permit checklist.

As discussed above, any form of regulatory compliance self-audit is fraught with legal issues—for example, the fact that documentary evidence laying out information reflecting potential non-compliance inherently gives rise to risk. But companies have learned to structure these traditional compliance audits as legal investigations subject to attorney-client privilege or applicable state law audit privileges to help protect their audit information.

Audits that apply new approaches to try to address the enforcers’ new tactics may not be so easily protected. Obviously, to the extent, an audit can be fashioned to help identify risks that lead to reportable events or deviations, those efforts might help reduce enforcement exposure. But before commencing work, careful consideration of how to design an audit program to protect information generated by FLIR photography or fenceline monitoring, for example, is warranted. Assessing hazards using a comparatively standardless “general duty” or “incident prevention” approach may have merit in terms of inspection readiness, but where does one draw the line on what corrective actions may be required (or merely suggested) in the face of such observations? And how should audit reports that include such elements be written up to minimize the risk of adverse evidentiary use?

Separately, pursuing audits based on these new approaches is especially tricky if one is determined to take advantage of the audit disclosure policies and statutes that are available to provide penalty relief. If one detects a risk from hazardous chemicals or emissions visible in a FLIR image that would otherwise not run afoul of any specific regulatory or permit requirement, would one in an abundance of caution craft a written audit disclosure claiming to have discovered a violation of the Clean Air Act’s GDC or claiming the discovery through the audit of specific unauthorized emissions? Such disclosures seem potentially complicated to prepare. Perhaps more importantly, by submitting such an audit disclosure, has one effectively admitted that similar “risk” issues of visible detections at other facilities are violations subject to enforcement absent a disclosure, exposing the company to a greater risk of enforcement over what before might have been standardless allegations readily contested as such?

We do not pretend that there is a “one size fits all” answer to the sorts of complexities and choices available to a given facility, company, or industry arising from decisions on auditing and audit disclosure involved where these new tools and approaches are available both to the enforcers and to the auditors. But we strongly recommend that companies take the opportunity first to carefully consider with the advice of their inside and outside environmental professionals and counsel how these new approaches to enforcement may impact the objectives of their audits and then to develop auditing approaches and audit disclosure principles that are suited to these new realities.

Timothy A. Wilkins is the managing partner of Bracewell LLP’s Austin office, where he handles strategic environmental permitting assistance, the defense of environmental enforcement actions, and assistance with the environmental aspects of major transactions. He has overseen environmental compliance audits involving thousands of locations, handled hundreds of environmental audit disclosures, and pioneered the development and use of EPA’s audit policy for new owners.

Ryan M. Eletto is an associate in Bracewell LLP’s Washington office, where he focuses on environmental strategy, energy regulation, regulatory matters and public policy issues. He advises clients in litigation, investigation, enforcement and compliance matters.

The opinions expressed here do not represent those of Bloomberg Environment, which welcomes other points of view.

Learn more about Bloomberg Law or Log In to keep reading:

Learn About Bloomberg Law

AI-powered legal analytics, workflow tools and premium legal & business news.

Already a subscriber?

Log in to keep reading or access research tools.