The Criminalization of Safety (Part 3)

Our Perspective

The facts and circumstances of the events described in Table 1 in Part 1 point to a common driver - the collision of business and safety priorities, with safety being compromised.  Culture is inferred as the “cause” in several of the events but with little amplification or specifics.^[1]  The compromises in some cases were intentional, others a product of a more complex rationalization.  The events have been accompanied by increased criminal prosecutions with varied success. 

We think it is fair to say that so far, criminalization of safety performance does not appear to be an effective remedy.  Statutory limitations and proof issues are significant limitations with no easy solution. The reality is that criminalization is at its core a “disincentive”.  To be effective it would have to deter actions or decisions that are not consistent with safety but not create a minefield of culpability.  It is also a blunt instrument requiring rather egregious behavior to rise to the level of criminality.  Its best use is probably as an ultimate boundary, to deter intentional misconduct but not be an unintended trap for bad judgment or inadequate performance.  In another vein, criminalization would also seem incompatible with the concept of a “just culture” other than for situations involving intentional misconduct or gross negligence.

Whether effective or not, criminalization reflects the urgency felt by government authorities to constrain excessive risk taking, intentional or not, and enhance oversight.  It is increasingly clear that current regulatory approaches are missing the mark.  All of the events catalogued in Table 1 occurred in industries that are subject to detailed safety and environmental regulation.  After the fact assessments highlight missed opportunities for more assertive regulatory intervention, and in the Flint cases there are actual criminal charges being applied to regulators.  The Fukushima event precipitated a complete overhaul of the nuclear regulatory structure in Japan, still a work in progress.  Post hoc punishments, no matter how severe, are not a substitute.

Nuclear Regulation Initiatives

Looking specifically at nuclear regulation in the U.S. we believe several specific reforms should be considered. It is always difficult to reform without the impetus of a major safety event, but we could see these actions as ones that could appear obvious in a post-event assessment if there was ever an “O-ring” moment in the nuclear industry.^[2]

1. The NRC should include the safety management system in its regulatory activities.

The NRC has effectively constructed a cordon sanitaire around safety management by decreeing that “management” is beyond the scope of regulation.  The NRC relies on the fact that licensees bear the primary responsibility for safety and the NRC should not intrude into that role.  If one contemplates the trend of recent events scrutinizing the performance of regulators following safety events, this legalistic “defense” may not fare well in a situation where more intrusive regulation could have made the difference.

The NRC does monitor “safety culture” and often requires licensees to address weaknesses in culture following performance issues.  In essence safety culture has become an anodyne for avoiding direct confrontation of safety management issues.  Cynically one could say it is the ultimate conspiracy - where regulators and “stakeholders” come together to accept something that is non-contentious and conveniently abstract to prevent a necessary but unwanted (apparently by both sides) intrusion into safety management.

As readers of this blog know, our unyielding focus has been on the role of the complex socio-technical system that functions within a nuclear organization to operate nuclear plants effectively and safely.  This management system includes many drivers, variables, feedbacks, culture, and time delays in its processes, not all of which are explicit or linear.  The outputs of the system are the actions and decisions that ultimately produce tangible outcomes for production and safety.  Thus it is a safety system and a legitimate and necessary area for regulation.

NRC review of safety management need not focus on traditional management issues which would remain the province of the licensee.  So organizational structure, personnel decisions, etc. need not be considered.^[3]  But here we should heed the view of Daniel Kahneman where he suggests we think of organizations as “factories for producing decisions” and therefore, think of decisions as a product.  (See our Nov. 4,2011 post, A Factory for Producing Decisions.)  Decisions are in fact the key product of the safety management system.  Regulatory focus on how the management system functions and the decisions it produces could be an effective and proactive approach.

We suggest two areas of the management system that could be addressed as a first priority: (1) Increased transparency of how the management system produces specific safety decisions including the capture of objective data on each such decision, and (2) review of management compensation plans to minimize the potential for incentives to promote excessive risk taking in operations.

2. The NRC should require greater transparency in licensee management decisions with potential safety impacts.

Managing nuclear operations involves a continuum of decisions balancing a variety of factors including production and safety.  These decisions may occur with individuals or with larger groups in meetings or other forums.  Some may involve multiple reviews and concurrences.  But in general the details of decision making, i.e., how the sausage is made, are rarely captured in detail during the process or preserved for later assessment.^[4]  Typically only decisions that happen to yield a bad outcome (e.g., prompt the issuance of an LER or similar) become subject to more intensive review and post mortem.  Or actions that require specific, advance regulatory approval and require an SER or equivalent.^[5]  

Transparency is key.  Some say the true test of ethics is what people do when no one is looking.  Well the converse of that may also be true - do people behave better when they know oversight is or could be occurring?  We think a lot of the NRC’s regulatory scheme is already built on this premise, relying as it does on auditing licensee activities and work products.

Thinking back to the Davis Besse example, the criminal prosecutions of both the corporate entity and individuals were limited to providing false or incomplete information to the NRC.  There was no attempt to charge on the basis of the actual decisions to propose, advocate for, and attempt to justify, that the plant could continue to operate beyond the NRC’s specified date for corrective actions.  The case made by First Energy was questionable as presented to the NRC and simply unjustified when accounting for the real facts behind their vessel head inspections.

Transparency would be served by documenting and preserving the decision process on safety significant issues.  These data might include the safety significance and applicable criteria, the potential impact on business performance (plant output, cost, schedule, etc), alternatives considered, and the participants and their inputs to the decision making process, and how a final decision was reached.   These are the specifics that are so hard or impossible to reproduce after the fact.^[6]  The not unexpected result: blaming someone or something but not gaining insight into how the management system failed.

This approach would provide an opportunity for the NRC to audit decisions on a routine basis.  Licensee self assessment would also be served through safety committee review and other oversight including INPO.  Knowing that decisions will be subject to such scrutiny also can promote careful balancing of factors in safety decisions and serve to articulate how those balances are achieved and safety is served.  Having such tangible information shared throughout the organization could be the strongest way to reinforce the desired safety culture.

3. As part of its regulation of the safety management system, the NRC should restrict incentive compensation for nuclear management that is based on meeting business goals.

We started this series of posts focusing on criminalization of safety.  One of the arguments for more aggressive criminalization is essentially to offset the powerful pull of business-based incentives with the fear of criminal sanctions.  This has proved to elusive.  Similarly attempting to balance business incentives with safety incentives also is problematic.  The Transocean experience illustrates that quite vividly.^[7]

Our survey several years ago of nuclear executive compensation indicated (1) the amounts of compensation are very significant for the top nuclear executives, (2) the compensation is heavily dependent on each year’s performance, and (3) business performance measured by EPS is the key to compensation, safety performance is a minor contributor.  A corollary to the third point might be that in no cases that we could identify was safety performance a condition precedent or qualification for earning the business-based incentives. (See our July 9, 2010 post, Nuclear Management Compensation (Part 2)).  With 60-70% of total compensation at risk, executives can see their compensation, and that of the entire management team, impacted by as much as several million dollars in a year.  Can this type of compensation structure impact safety?  Intuition says it creates both risk and a perception problems.  Virtually every significant safety event in Table 1 has reference to the undue influence of production priorities on safety.  The issue was directly raised in at least one nuclear organization^[8] which revised its compensation system to avoid undermining safety culture. 

We believe a more effective approach is to minimize the business pressures in the first place.  We believe there is a need for a regulatory policy that discourages or prohibits licensee organizations from utilizing significant incentives based on financial performance.  Such incentives invariably target production and budget goals as they are fundamental to business success.  To the extent safety goals are included they are a small factor or based on metrics that do not reflect fundamental safety.  Assuring safety is the highest priority is not subject to easily quantifiable and measurable metrics - it is judgmental and implicit in many actions and decisions taken on a day-to-day basis at all levels of the organization.  Organizations should pay nuclear management competitively and generously and make informed judgments about their overall performance.

Others have recognized the problem and taken similar steps to address it.  For example, in the aftermath of the financial crisis of 2008 the Federal Reserve Board has been doing some arm twisting with U.S. financial services companies to adjust their executive compensation plans - and those plans are in fact being modified to cap bonuses associated with achieving performance goals. (See our April 25, 2013 post, Inhibiting Excessive Risk Taking by Executives.)

Nick Taleb (of Black Swan fame) believes that bonuses provide an incentive to take risks.  He states, “The asymmetric nature of the bonus (an incentive for success without a corresponding disincentive for failure) causes hidden risks to accumulate in the financial system and become a catalyst for disaster.”  Now just substitute “nuclear operations” for “the financial system”.

Central to Taleb’s thesis is his belief that management has a large informational advantage over outside regulators and will always know more about risks being taken within their operation. (See our Nov. 9, 2011 post, Ultimate Bonuses.)  Eliminating the force of incentives and providing greater transparency to safety management decisions could reduce risk and improve everybody’s insight into those risks deemed acceptable.

Conclusion

In industries outside the commercial nuclear space, criminal charges have been brought for bad outcomes that resulted, at least in part, from decisions that did not appropriately consider overall system safety (or, in the worst cases, simply ignored it.)  Our suggestions are intended to reduce the probability of such events occurring in the nuclear industry.

---

^[1] It raises the question whether anytime business priorities trump safety it is a case of deficient culture.  We have argued in other blog posts that sufficiently high business or political pressure can compromise even a very strong safety culture.  So reflexive resort to safety culture may be easy but not be very helpful.

^[2] Credit to Adam Steltzner author of The Right Kind of Crazy recounting his and other engineers’ roles in the design of the Mars rovers.  His reference is to the failure of O-ring seals on the space shuttle Challenger.

^[3] We do recognize that there are regulatory criteria for general organizational matters such as for the training and qualification of personnel. 

^[4] In essence this creates a “safe harbor” for most safety judgments and to which the NRC is effectively blind.

^[5] In Davis Besse much of the “proof” that was relied on in the prosecutions of individuals was based on concurrence chains for key documents and NRC staff recollections of what was said in meetings.  There was no contemporaneous documentation of how First Energy made its threshold decision that postponing the outage was acceptable, who participated, and who made the ultimate decision.  Much was made of the fact that management was putting great pressure on maintaining schedule but there was no way to establish how that might have directly affected decision making.

^[6] Kahneman believes there is “hindsight bias”.  Hindsight is 20/20 and it supposedly shows what decision makers could (and should) have known and done instead of their actual decisions that led to an unfavorable outcome, incident, accident or worse.  We now know that when the past was the present, things may not have been so clear-cut.  See our Dec.18, 2013 post, Thinking, Fast and Slow by Daniel Kahneman.

^[7] Transocean, owner of the Deepwater Horizon oil rig, awarded millions of dollars in bonuses to its executives after “the best year in safety performance in our company’s history,” according to an annual report…’Notwithstanding the tragic loss of life in the Gulf of Mexico, we achieved an exemplary statistical safety record as measured by our total recordable incident rate and total potential severity rate.’”  See our April 7, 2011 post for the original citation in Transocean's annual report and further discussion.

^[8] “The reward and recognition system is perceived to be heavily weighted toward production over safety”.  The reward system was revised "to ensure consistent health of NSC”.  See our July 29, 2010 post, NRC Decision on FPL (Part 2).

The Criminalization of Safety (Part 2)

Risky Business 

As we illustrated in Part 1 of this post a new aspect of safety management risk is possible criminal liability for actions, or inactions, associated with events that did, or could have, safety consequences.  While there has always been the potential for criminal liability it has generally been directed at the corporate level versus individual employees.  Heretofore, “few executives have been on the hook, partly because it is tough for prosecutors to prove an individual had criminal intent in a corporate setting where decision-making is spread among many.” ^1,2

The Justice Department has been making a new push to target individuals more frequently to hold them accountable for corporate malfeasance. Much of the criminal liability in recent years has been cropping up in industries other than nuclear, as illustrated in the summary table in Part 1.  The Deepwater Horizon drill rig explosion and the Massey Coal explosion at the Upper Big Branch mine have been leading examples.  More recently the series of scandals involving automobile manufacturers are adding to the record.  And the Flint water contamination situation is also evolving rapidly.  We’ll discuss the significance of these cases and how it could impact the conduct of individuals responsible for safe nuclear operations and the role of regulation.  In particular, under what circumstances criminal liability may attach and whether the potential to be held criminally liable is an effective force in assuring compliant behaviors and ultimately safety. 

Who’s a Criminal?

The various cases are a mix of corporate and individual liability.  All three corporations involved in Deepwater pleaded guilty to various charges and paid very large fines.  In BP’s case, it pleaded guilty to felony manslaughter.  Manslaughter charges against individuals employed by BP were dropped prior to trial.  Individual liability was limited to violations of the Clean Water Act and obstruction of justice (misdemeanors).³

David Uhlmann, a professor at the University of Michigan Law School and former environmental-crimes prosecutor stated, “The Justice Department always seeks to hold individuals accountable for corporate crime, but doing so in the Gulf oil spill meant charging individuals who had no control over the corporate culture that caused the spill.” ⁴

Other cases followed a similar pattern until Upper Big Branch.  Mostly lower level individuals were being targeted; higher ups were insulated from knowledge or direct involvement in the specific event.  With Massey prosecutors worked their way up the management chain all the way to the CEO.⁵  However even where there were significant indications of the CEO driving a “production first” culture, the felonies he faced were based on securities fraud and making false statements.  Ultimately he was convicted of violating safety standards and will serve jail time.⁶  Fukushima will be another attempt to hold senior management accountable (for something termed, “professional negligence”) but, as previously noted, the case is thought to be difficult.  The Attorney General in the Flint water cases promises more indictments and implies higher ups will be charged.  It remains to be seen whether this targeting of individuals will prove to be a truer preventive measure than other remedies.

Proof of Criminal Behavior is Difficult

Ultimately the prospect of criminal prosecution is fraught with legal and practical obstacles.⁷  Current law does not provide a realistic platform for prosecution or sentencing.  Statutory provisions are often limited to misdemeanors.  Making applicable statutes “tougher”, as already proposed by a presidential candidate, is also problematic as it risks over-criminalizing management actions which occur in a complex environment and involve many individuals.  Simple negligence is a problematic ground for criminal liability which generally requires a showing of intent or recklessness.⁸  As noted in regard to the VW scandal, “…investigations are ongoing. Whether criminal prosecutions result may be a matter of balancing suspicion of criminal wrongdoing against the standards of proof required - and the track record of recent prosecutions.⁹

All of the recent experience involving corporations were guilty pleas - the cases did not go to trial and so the standard of proof was not tested. In the BP cases, the DOJ made quite a splash with its indictments of individuals but clearly overreached in charging as the courts and juries quickly dismissed most cases and all felony charges.

Fukushima may be a bit of an oddity as the charges have been mandated by a citizen’s panel.   The charge is “professional negligence” which probably does not have a direct analog in U.S. law.  It does suggest that there will be scrutiny of the actual decisions made by executives which resulted in safety consequences.  In the Flint cases, there will another attempt to review an actual safety decision.  An engineer of the Michigan Department of Water Quality is charged with “misconduct” in authorizing use of the Flint water plant “knowing” it was deficient.  Bears watching.

Competing Priorities and Culture Are Being Cited More Frequently 

Personnel are already in a difficult position when it comes to assuring safety. Corporations inherently, and often quite intentionally, place significant emphasis on achieving operational and business goals.  These goals at certain junctures may conflict with assuring safety.  The de facto reality is that it is up to the operating personnel to constantly rationalize those conflicts in a way that achieves acceptable safely.  Those decisions are rarely obvious, may imply significant benefits or costs, and are subject to ex post critical review with all the benefits of time, hindsight, and no direct decision making responsibility.  Thus the focus may shift from decisions to the culture that may have produced or rationalized those decisions.

The Mine Safety and Health Administration report concluded that the [Upper Big Branch] disaster was "entirely preventable," and was caused in part by a pattern of major safety problems and Massey's efforts to conceal hazards from government inspectors, all of which "reflected a pervasive culture that valued production over safety.”  The Governor of West Virginia’s independent review also found that Massey had “made life difficult” for miners who tried to address safety and built “a culture in which wrongdoing became acceptable.”

As noted in the media, “the automotive industry is caught up in an emissions rigging scandal that exposes systematic cheating and an apparent culture of corrupt ethics."  At VW nine executives so far have been suspended but blame has been focused on a small group of engineers for the misconduct, and VW contends that members of its management board did not know of the decade-long deception.  The idea that a few engineers are responsible “just doesn’t pass the laugh test,’ said John German, a former official at the Environmental Protection Agency…its management culture — confident, cutthroat and insular — is coming under scrutiny as potentially enabling the lawbreaking behavior.¹⁰  Mitsubishi Motors is also implicated and investigations are being launched into their peers – including Daimler and Peugeot – to assess the extent of the problem around the world.

Ineffective Regulation is Becoming a Focus 

Last but perhaps the most intriguing evolution in these cases is a new emphasis on the responsibility of the regulator when safety is compromised. There was an extensive and ongoing history of violations at Big Branch Mine, many unresolved, but which did not lead to more stringent enforcement measures by the Mine Safety and Health Administration (MSHA) - such as a shutdown of mine operations.  State of West Virginia investigators claimed that the U.S Department of Labor and its MSHA were equally at fault for failing to act decisively after Massey was issued 515 citations for safety violations at the UBBM in 2009.  “…officials with the MSHA repeatedly defended their agency’s performance. They were quick to point to the fact that the Mine Safety Act places the duty for providing a safe workplace squarely on the shoulders of the employer, insisting that the operator is ultimately responsible for operating a safe mine.” ¹¹

Similar concerns have arisen with regard to Fukushima where safety regulators have been perceived to lack independence from nuclear plant operators. And thinking back to Davis Besse, it seems that the NRC’s actions could have been more intrusive and proactive in determining the condition of the RPV head prior to allowing the inspections to be delayed.

With regard to Flint we noted above that criminal (felony) charges have been brought against a state engineer for “misconduct in office” for authorizing use of the Flint plant.  In addition, he and a supervisor are also charged with misconduct in office for “willfully and knowingly misleading the federal Environmental Protection Agency…”   An expert in environmental crimes notes ”It’s extremely unusual and maybe unprecedented for state and local officials to be charged with criminal drinking water violations, . . .” ¹²

Whether these pending actions lead to a robust effort to hold regulators and their staff accountable is hard to know.  It bears watching, particularly the contention by MSHA and other regulatory agencies including the NRC, that operators are primarily and ultimately responsible. In Part 3 we’ll share some thoughts on what might other approaches might be effective.

¹ P. Loftus, "Criminal Trials of Former Health-Care Executives Set to Begin," The Wall Street Journal (May 22, 2016).

² The Davis Besse case is prototypical of the way cases were handled in the past.  The corporation pleaded guilty to making false statements and paid a big fine.  Lower level individuals were found guilty of similar charges.  In the Siemaszko trial the court was quite ready to attribute to the defendant knowledge of the content of NRC communications, whether directly prepared by him or not, or acquiescence in materials drafted by others that misrepresented conditions for the RPV.  They also dismissed his contention that he lacked proper expertise.  The court found that he knew and had a motive - keeping the plant running.  There was testimony that higher management was the source of the operational pressure but culpability did not extend beyond the individuals making the actual statements and submittals to the NRC.

³ Transocean Deepwater Inc. also admitted that members of its crew onboard the Deepwater Horizon, acting at the direction of BP’s Well Site Leaders were negligent in failing fully to investigate clear indications that the well was not secure and that oil and gas were flowing into the well.  Halliburton was the supplier of drilling cement to seal the outside of the drilling pipe.  Its guilty plea admitted destroying evidence of instructions to employees to “get rid of” simulation analyses of the event that failed to show that Halliburton’s recommendations to BP would have lowered the risk of a blowout.  [S. Mufson, "Halliburton to Plead Guilty to Destroying Evidence in BP Spill," The Washington Post (July 25, 2013).]  This was an attempt to show that a decision by BP to use fewer pipe centralizers was a serious error contributing to the accident.

⁴ A. Viswanatha, "U.S. Bid to Prosecute BP Staff in Gulf Oil Spill Falls Flat," The Wall Street Journal (Feb. 27, 2016).

⁵ Notably the lower level managers pleaded to charges and did not go to trial.  The acquittal of the CEO on felony level charges illustrates the challenges of proving these cases.

⁶ “Large punitive or compensating settlements, so the argument goes, act as an effective deterrent for mining companies, forcing them to improve their safety systems or face potentially debilitating fines. However, given the revelations about Massey and the several major US mining disasters that have taken place in the last ten years, it's impossible to argue that financial punishment has been a wholly effective scarecrow, especially when companies feel they can game the MSHA system.”  [C. Lo, "Upper Big Branch: the search for justice," Mining-technology.com (June 20, 2013).]

⁷ "To this point, research on corporate crime has been, for the most part, overlooked by mainstream criminology. In particular, corporate violations of safety regulations in the coal mining industry have yet to be studied within the field of criminology.”  [C. N. Stickeler,  "A Deadly Way of Doing Business: A Case Study of Corporate Crime in the Coal Mining Industry," University of South Florida (Jan. 2012).]

⁸ “carelessness which is in reckless disregard for the safety or lives of others, and is so great it appears to be a conscious violation of other people's rights to safety. It is more than simple inadvertence, but it is just shy of being intentionally evil.”  Read more: http://dictionary.law.com/Default.aspx?selected=838#ixzz41W5CGRf0.

⁹ J. Ewing and G. Bowley, "The Engineering of Volkswagen’s Aggressive Ambition," The New York Times (Dec. 13, 2015).

¹⁰ Ibid.

¹¹ The quote is from the case study and references the Governor’s investigation - McAteer, J. D., Beall, K., Beck, J. A., Jr., McGinley, P. C., Monforton, C., Roberts, D. C., Spence, B., & Weise, S. (2011). Upper Big Branch: The April 5, 2010, explosion: A Failure of Basic Coal Mine Safety Practices (Report to the Governor).

¹² M. Davey and R. Perez-Pena "Flint Water Crisis Yields First Criminal Charges," New York Times (April 20, 2016). 

The Criminalization of Safety (Part 1)

US DOJ logo

Nuclear safety management and culture relies on nuclear personnel conducting themselves in accordance with espoused values and making safety the highest priority.  When failures occur individual workers may be (and often are) blamed but broader implications are generally portrayed as an organizational culture deficiency and addressed in that context.  

Only rarely does the specter of criminality enter the picture, requiring a level of malfeasance - intentional conduct or recklessness - that is beyond the boundaries of conventional safety culture. 

The potential for criminal liability raises several issues.  What is the nexus between safety culture and criminal behavior?  What is the significance of the increased frequency of criminal prosecutions following major accidents or scandals in nuclear and other industries?  And where does culpability really lie - with individuals? culture? the corporation? or the complex socio-technical systems within which individuals act?

If one has been paying close attention to the news fairly numerous examples of criminal prosecutions involving safety management issues across a variety of industries and regulatory bodies is occurring.  It is becoming quite a list of late.  We thought this would be an appropriate time to take stock of these trends and their implications for nuclear safety management.

Recent Experience

We have prepared a table* summarizing relevant experience from the nuclear and other high risk industries.  (The link is to a pdf file as it is impractical to display the complete table within this blog post.)  Below is a table snippet showing a key event: the criminal prosecutions associated with the Davis Besse reactor vessel head corrosion in 2001/2002. First Energy, the owner/operator, pleaded guilty to criminal charges and two lower level employees were found guilty at trial.  A third individual, a contractor working for First Energy, was acquitted at trial.

More currently high level executives of TEPCO, the owner/operator of the Fukushima plant in Japan, were charged, though the circumstances are a bit odd.  Prosecutors had twice declined to bring criminal charges but were ultimately overruled by a citizens panel.  The case is expected to be difficult to prove.  Nonetheless this is an attempt to hold the former TEPCO Chairman and heads of the nuclear division criminally accountable.

The only other recent examples in the U.S. nuclear industry that we could identify involved falsification of documents, in one instance by a chemistry manager at Indian Point and the other a security officer at River Bend.**  One has pleaded guilty and sentenced to probation; the other case has been referred to the U.S. Department of Justice (DOJ).

Looking beyond nuclear, the picture is dominated by several major operational accidents - the Deepwater Horizon drill rig explosion and the explosion of the Upper Big Branch coal mine owned by Massey Energy.  Deepwater resulted in guilty pleas by the three corporations involved in the drilling operation - BP, Transocean and Halliburton - with massive criminal and civil fines.  BP’s plea included felony manslaughter.  Several employees also faced criminal charges.  Two faced involuntary manslaughter charges in addition to violations of the Clean Water Act.  The manslaughter charges were later dropped by prosecutors.  One employee pleaded guilty to the Clean Water Act violations and was sentenced to probation, the other went to trial and was acquitted.

The Massey case is noteworthy in that criminal charges ultimately climbed the corporate ladder all the way to the CEO.  Ultimately he was acquitted of felony charges of securities fraud and making false statements, but he “was convicted of a single count of conspiring to violate federal safety standards; he was not convicted of any count holding him responsible for the 2010 accident at the Upper Big Branch mine.”***  It “is widely believed to be the first CEO of a major U.S. corporation to be convicted of workplace safety related charges following an industrial accident.”****  Three other individuals also pleaded or were found guilty of misdemeanor charges.

Next up are the auto companies, GM, Volkswagen and Mitsubishi.  The GM scandal involved the installation of faulty ignition switches in cars that subsequently resulted in a number of deaths.  GM entered into a plea agreement with DOJ admitting criminal wrongdoing and paid large monetary fines.  As of this time no criminal charges have been brought against GM employees.  VW and Mitsubishi have both admitted to manipulating fuel economy and emissions testing and there is speculation that other auto manufacturers could be in the same boat.  The investigations are ongoing at this time but criminal pleas at the corporate level are all but certain.

Last in this pantheon is the city of Flint water quality scandal.  The Attorney General of Michigan recently filed criminal charges against three individuals and promised “more charges soon”.  The interesting aspect here is that the three charged are all government workers - one for the city and two for the Michigan Department of Environmental Quality.  And the two state officials have been charged with misconduct in office, a felony.  Essentially regulators are being held accountable for their oversight.  As David Ullmann, a former chief of DOJ’s environmental crimes section, stated, “It’s extremely unusual and maybe unprecedented for state and local officials to be charged with criminal drinking water violations.”  This bears watching.

In Part 2 we will analyze the trends in these cases and draw some insights into the possible significance of efforts to criminalize safety performance.  In Part 3 we will offer our observations regarding implications for nuclear safety management and some thoughts on approaches to mitigate the need for criminalization.


*  Criminal Prosecutions of Safety Related Events (May 22, 2016).

**  We posted on the Indian Point incident on May 12, 2014 and the River Bend case on Feb. 20, 2015.

***  A. Blinder, "Mixed Verdict for Donald Blankenship, Ex-Chief of Massey Energy, After Coal Mine Blast," New York Times (Dec. 3, 2015 corrected Dec. 5, 2015).

****  K. Maher, "Former Massey Energy CEO Sentenced to 12 Months in Prison," Wall Street Journal (April 6, 2016).  The full article may only be accessible to WSJ subscribers.

Nuclear Safety Culture is Improving at the Waste Isolation Pilot Plant—Maybe

The WIPP

On Feb. 14, 2014, a drum containing radioactive waste exploded at the Department of Energy (DOE) Waste Isolation Pilot Plant (WIPP) resulting in the release of americium and plutonium into the environment.  In our May 3, 2014 review of the DOE’s phase 1 accident report, a weak safety culture (SC) was deemed a significant contributing factor to the incident.  The plant has yet to resume normal operations.

Over the last two years, DOE and Nuclear Waste Partnership (NWP, the prime contractor) have made efforts to strengthen the SC at the WIPP.  Following are two data points we can use to infer how much progress they’ve made.

Incentive Payment to NWP

In FY2015 NWP earned a performance fee* based on both objective and subjective criteria.  Overall, NWP received 85.7% of the total potential fee ($11,714K out of $13,665K.)
 
The objective portion comprised 75% of the total potential fee and NWP was awarded 89.7% of that amount ($9,194K).  Only one objective criterion appears related to SC, viz., “reducing preventive and corrective maintenance backlogs” and NWP received the full fee possible, $550K out of $550K.

The subjective portion comprised 25% of the total potential fee and NWP was awarded 73.7% of that amount ($2,520K).  There is more information about SC in this portion of the award fee determination document.  DOE said NWP’s performance on improving its safety programs reflected “a maturing nuclear safety culture with continuous improvements.”  However, there were signs of SC weakness in the Areas for Improvement including “The contractor did not provide sufficient objective evidence of closure of all of the corrective actions it submitted as complete in FY2015”; “The small number of self-assessments by the contractor in FY2015 was inadequate to measure performance” and “Recent improvements in the nuclear safety culture are slowly being realized in the safe execution of work . . .”

DNFSB Critique of WIPP's Upgraded Documented Safety Analysis 

A recent Defense Nuclear Facilities Safety Board (DNFSB) staff report** reviews the WIPP Documented Safety Analysis (DSA) currently being updated by NWP under the oversight of DOE.  The DNFSB report identifies one significant issue for DOE management attention, summarized below:

The Feb. 2014 explosion occurred because Los Alamos National Laboratory (LANL) shipped ignitable waste to WIPP even though the existing Waste Acceptance Criteria (WAC) prohibited such action.  Currently, other LANL-generated drums containing potentially ignitable waste are securely stored at WIPP.

The draft DSA does not analyze the possibility that some similar accident could occur involving a container arriving at WIPP in the future.  Instead, DOE and NWP argue that improvements to the WIPP WAC and/or WAC compliance program will reliably prevent problems in future waste receipts.  In other words, something that happened before will not happen again because WIPP will be watching for it.  For this approach to work, WAC compliance by the waste generators and WIPP inspectors must be completely effective and 100% reliable.  DNFSB recommends that DOE and NWP management “explore defense-in-depth measures that enhance WIPP’s capability to detect and respond to problems caused by unexpected failures in the WAC compliance program.”

Our Perspective

The performance fee awards indicate that NWP needs to keep working to strengthen its SC to an acceptable level.

The DSA issue is more troublesome.  What kind of effective SC would blow off (pun intended) its responsibility to consider the possibility of recurrence of exactly the kind of problem that occurred before and caused the WIPP to be shut down for over two years?  We criticize other organizations for over-analyzing the specifics of individual accidents while ignoring other possibilities, especially systemic issues, but in this case, NWP and DOE are not even reaching the lowest perceptible bar of repeat incident prevention.

We’ll give the DNFSB points for raising the DSA issue but take away some points because they didn’t make a straightforward recommendation that NWP and DOE complete a more thorough analysis of the specific hazard of another drum of prohibited waste slipping through the system and into the underground.

At best, we can say the SC at the WIPP is incrementally improved.  DOE has always taken a half-hearted approach to SC and their lack of commitment is visible here.


*  T. Shrader (DOE) to P. Breidenbach (NWP), "Contract DE-EM0001971 Nuclear Waste Partnership LLC - Award Fee Determination for the Period October 1, 2014 through September 30, 2015, and FY2015 Fee Determination Scorecard for Total Earned Award Fee and Performance Based Incentives" (April 12, 2016).

**  J.L. Connery (DNFSB) to E.J. Moniz (DOE), letter with DNFSB Staff Issue Report “Waste Isolation Pilot Plant Documented Safety Analysis” dated Jan. 13, 2016 attached (Mar. 28, 2016).