Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
1 Introduction This chapter identifies and provides background on issues that led to the request for this study, lays out the study charge, explains how the com- mittee conducted its work in fulfillment of its charge, and describes the organization of the report. CHALLENGE OF REGULATING SAFETY IN HIGH-HAZARD INDUSTRIES Many government regulations are intended to ensure safetyâfor example, in the workplace; in consumer markets; and in the transportation, min- ing, and manufacturing sectors (see examples of federal safety programs in Table 1-1). Some regulations are aimed at preventing common harmful incidents, such as car crashes, food poisonings, oil and chemical leaks, and trips and falls on the job. Other regulations target incidents that occur much less frequently but that can lead to numerous deaths and injuries and severe environmental damage, such as airliner crashes, marine tanker spills, mine collapses, capsizings of ferries, and chemical plant explosions. Ascertaining the level of safety improvement caused by regulations intended to prevent the latter incidents can be difficult because changes in the risk of low-frequency, high-consequence events, which are rare to begin with, are seldom discernible from incident data, and other potentially relevant data on near misses may not be available (Carrigan and Coglianese 2012). Nevertheless, when a catastrophic event does occur, it is often followed by intense scrutiny of industry and government prevention efforts, including the design, content, and enforcement of safety regulations. 5
6 DESIGNING SAFETY REGULATIONS FOR HIGH-HAZARD INDUSTRIES TABLE 1-1â Examples of Federal Agencies Having Safety and Health Regulatory Responsibilities Safety and Health Agency Department Regulatory Purview Bureau of Safety and Interior Offshore energy facilities Environmental Enforcement Consumer Product Safety Independent Consumer products Commission Federal Aviation Transportation Airports, aircraft, airlines, Administration and air traffic operations Federal Motor Carrier Safety Transportation Commercial motor vehicle Administration operations Federal Railroad Transportation Freight and passenger rail Administration Federal Transit Administration Transportation Public transportation Food and Drug Health and Human Food, drugs, medical Administration Services devices, tobacco, and cosmetics Food Safety and Inspection Agriculture Meat, poultry, and eggs Service Mine Safety and Health Labor Mines Administration National Highway Traffic Transportation Motor vehicles and motor Safety Administration vehicle equipment Nuclear Regulatory Independent Nuclear reactors, nuclear Commission materials, and radioactive waste Occupational Safety and Labor Workplaces Health Administration Office of Air and Radiation, U.S. Environmental Air, water, radiation, Office of Water, Office of Protection Agency chemical safety and Chemical Safety and Pollution pollution, and toxic and Prevention, Office of Land and solid waste Emergency Management Pipeline and Hazardous Transportation Gas and hazardous liquid Materials Safety pipelines and hazardous Administration cargoes U.S. Coast Guard Homeland Security Maritime vessels, equipment, and operations
INTRODUCTION 7 The April 2010 well blowout and explosion of the Deepwater Ho- rizon drilling rig in the Gulf of Mexico is a prominent example. That high-consequence event prompted many questions about the design and implementation of a safety regulatory regime whose major purpose was to reduce the risk of such catastrophes. Until then, U.S. regulations govern- ing offshore oil and gas development were presumed by many observers to be working well (TRB 2016, 2). Technological advances had enabled exploration and production in deeper waters and in higher-pressure, higher- temperature reservoirs that were once too challenging to develop. In turn, offshore facilities, equipment, materials, and operations had become in- creasingly varied and complex. In a speech just weeks before the Deep- water Horizon disaster, President Barack Obama stated that technological advances had made offshore drilling significantly safer (Tumulty 2010). After the disaster, which caused the death of 11 workers and the release of millions of barrels of oil into the Gulf of Mexico, he announced the need for new steps to help âensure that a catastrophe like this never happens againâ (Tumulty 2010). The response of the Obama administration included changes in how the industry is regulated. Investigations and inquiries that followed the Deepwater Horizon explosion had raised numerous concerns about the effectiveness of the countryâs offshore safety regulatory regime. Among the concerns was the high degree of specificity of the U.S. Department of the Interiorâs regulations, which were characterized as focusing too narrowly on individual risk factors as opposed to system-level risks that arise from interactions among technology and human operators (Deepwater Horizon Study Group 2011; National Academy of Engineering and National Re- search Council 2012; National Commission on the BP Deepwater Horizon Oil Spill and Offshore Drilling 2011). The design of the regulatory regime, through its reliance on a large collection of narrowly targeted commands, suggested that regulators could know most sources of risk and specify a safety intervention for each. However, the growth in diversity and com- plexity of the design and operations of offshore facilities had led to many facility- and operations-specific risks. The deficiencies of a highly specified regulatory approach appeared to be conceptually evident before the Deep- water Horizon disaster,1 although they were not yet manifest in incident data. 1â In the mid-1990s, the Minerals Management Service (MMS), which preceded the Bureau of Safety and Environmental Enforcement, began encouraging offshore operators to follow American Petroleum Institute Recommended Practice 75 for creating safety management programs. In 2006, the agency proposed a rule to require operators to institute a safety and environmental management systems program, described as âa comprehensive system to reduce human error and organizational failure.â The rule was finalized in October 2010, about 6 months after the Deepwater Horizon blowout. It added to an earlier requirement, introduced
8 DESIGNING SAFETY REGULATIONS FOR HIGH-HAZARD INDUSTRIES Because of these concerns, the department created the Bureau of Safety and Environmental Enforcement (BSEE) to regulate the offshore sector and added requirements that each offshore operator establish a safety and environmental management system (SEMS) (BSEE 2010). The previous regulatory approach had been criticized for contributing to a âcompliance mind-setâ among offshore operators intent on meeting a âchecklistâ of nar- rowly prescribed actions (Bennear 2015; Deepwater Horizon Study Group 2011; NAE and NRC 2012). The SEMS rule was introduced to encourage operators to assume more direct responsibility for managing their sources of risk in a comprehensive manner âthat looks beyond baseline compli- anceâ (BSEE 2015, 8). For example, the rule requires that drilling operators act on their own to identify and assess all possible risks created by their operations and then to develop a plan to manage them. Such a plan might include specific steps, such as installation of safety equipment or routine monitoring of operations, as well as practices, such as documentation and record-keeping, to ensure that all the planned steps are taken. A specified process and time interval for reassessment of risks and updating of the operations plan would likely be part of an operatorâs SEMS. The intent of such customized safety management systems is to prompt the executives, managers, and frontline workers of each operator to become vigilant, systematic, and deliberate in identifying and controlling all of their risks. System-level risks arising from the diverse, complex, and changing interactions among human operators, technology, and environmental and operating conditions, as discussed in Box 1-1, are among the risks targeted. Calls for similar regulatory changes had been made after catastrophes in other industries. More than a decade before the Deepwater Horizon disaster, a series of major pipeline failures prompted the U.S. Department of Transportationâs Pipeline and Hazardous Materials Safety Administra- tion (PHMSA)2 to reassess its heavy reliance on regulations that prescribe specific interventions targeted to individual factors that can affect the incidence and severity of pipeline failures (Research and Special Programs Administration 1999). As BSEE would do later, PHMSA responded by adding a requirement that operators establish management systems. In this case, operators of large transmission systems were required to create programs for ensuring the integrity of pipelines whose releases could cause serious harm in locations defined as âhigh-consequence areasâ because of their concentrations of people and natural resources (Research and Special by MMS in 1998, for lessees of deepwater projects to submit an operations plan summarizing planned processes for identifying, evaluating, and reducing the risk of uncontrolled releases and other safety and environmental incidents. 2â At the time, the U.S. Department of Transportationâs Office of Pipeline Safety was admin- istered by the Research and Special Programs Administration, whose pipeline and hazardous materials safety responsibilities were transferred to PHMSA when it was created in 2004.
INTRODUCTION 9 Box 1-1 System-Level Risks Interest in organizational safety planning and management programs is, in part, a response to a growing consensus that trivial, unplanned events occur all the time but occasionally can lead to disasters. Charles Perrow (1984) coined the term ânormal accidentsâ to describe how ordinary, mundane, conventional, and routine (i.e., normal) features of complex technologies can lead to disasters. He argued that it is unrealistic to imagine that any system is immune to failure (Perrow 2007). In his now well-accepted account, accidents are a normal feature of complex technologies because, although exactly when and where failures will occur cannot be known, we can be confident that all systems are subject to some form of failure at some point in time. âNothing is perfect, neither designs, equipment, procedures, operators, sup- plies, or the environment. Because we know this, we load our complex systems with safety devices in the form of buffers, redundancies, circuit breakers, alarms, bells, and whistles. Small failures go on continuously in the system since nothing is perfect, but the safety devices and the cunning of designers, and the wit and experience of the operating personnel, cope with them. Occasionally, however, two or more failures, none of them devastating in themselves in isolation, come together in unexpected ways and defeat the safety devices. [This is] the definition of a ânormal accidentâ or system accidentâ (Perrow 1999, 356). Technological and social systems can be analytically distinguished by varia- tions along a continuum from linear to complex interactions among their compo- nents and by the looseness or tightness of the coupling among the component interactions. âIf a system is tightly coupled,â Perrow noted, what might appear to be minor component failures âcan cascade faster than any safety device or operator can cope with them, or they can even be incomprehensible to those responsible for doing the coping. If the accident brings down a significant part of the system, and the system has catastrophic potential, we will have a catastropheâ (Perrow 1999, 357). Programs Administration 2000). Today, nearly all pipeline operators must have integrity management programs. By supplementing its long-standing âprescriptiveâ regulations in this manner, PHMSA sought to ensure that operators themselves would be- come more cognizant of and deliberate in controlling factors that can lead to pipeline failures, including those arising from system-level interactions. More recently, PHMSA has cooperated with the pipeline industry in devel- oping guidance on the implementation of safety management systems simi- lar to SEMS. The guidance is intended to support the development of more comprehensive systems to manage safety through integrity management as well as operating procedures, employee training, emergency preparedness,
10 DESIGNING SAFETY REGULATIONS FOR HIGH-HAZARD INDUSTRIES failure investigations, and other means. However, in this case, use of the management guidance by pipeline operators remains voluntary.3 Whether BSEEâs and PHMSAâs embrace of a regulatory design that requires the application of such management tools has been effective in reducing the risk of incidents is difficult to ascertain. Discerning whether any of its regulations, regardless of design, are having the intended effect of reducing the risk of low-frequency, high-consequence events is a chal- lenge for a regulator of a high-hazard industry. A lengthy period without a major incident may cause a regulator to believe its regulatory regime is having a positive effect in controlling risks that can lead to catastrophes when that may not be the case. Alternatively, the occurrence of a single catastrophe may create an understandable but potentially false perception that the regime has failed to manage risks effectively and may prompt calls for it to be overhauled or supplemented with alternative regulatory designs (Carrigan and Coglianese 2012). Regulators of high-hazard industries must make regulatory design choices that they believe will be most effective and be able to explain the reasons for their choices to policy makers and the public, even when they cannot use incident trend data or other quantitative measures to justify those choices. To do so the regulator may need to make use of qualitative information that is suggestive of each design typeâs potential to reduce risks. For example, safety regulators may consider whether the sources of risk are well understood and predictable, common to most of the regulated firms, and capable of being managed with uniformly applied interventions. Under these circumstances, the regulator may favor a regulatory regime consist- ing of many highly focused requirements that target individual risks with specific means of control, as is characteristic of BSEEâs and PHMSAâs tra- ditional regulations. Alternatively, if the nature of the problem is such that many risk factors arise from the diversity and complexity of the industryâs facilities and operations, the regulator may conclude, as BSEE and PHMSA did, that a regime consisting of many specific regulatory commands will not be sufficient. In this case, the response may be to replace or supplement traditional forms of regulation with requirements for more customized management systems that compel operators to identify and manage their facility- and operations-specific risks and to build organizational cultures that address such risk in a more dynamic and holistic manner (see Box 1-2). The nature of the problem that government intervention is intended to address is thus critical to decisions about regulatory design. However, such decisions also depend on other considerations, as BSEEâs and PHMSAâs experiences illustrate. An important factor is the prospects for compliance 3â American Petroleum Institute Recommended Practice 1173 (http://www.api.org/~/media/ files/publications/whats%20new/1173_e1%20pa.pdf).
INTRODUCTION 11 Box 1-2 Organizational Safety Culture The term âsafety cultureâ was coined after the 1986 Chernobyl nuclear plant disaster. Since then it has been referenced in the media, scholarship, and orga- nizational management both as an explanation for accidents and as a means for improving the safety of complex and tightly coupled technologies posing risks of major accidents (ACS 2012; Silbey 2009; TRB 2016). The term has been adopted to refer to the ongoing processes that align what is important to an organization with how things actually work and what is routinely done (Weick 1987).Â Three related concepts of culture are often mentioned in the literature on this topic: culture as a set of values and attitudes shared by organizational members that shape action; culture as the preferences and processes engineered into a complex system; and culture as the messages and meanings that are communi- cated, often unconsciously, through ongoing practices, habits, and language (i.e., what we do) (Silbey 2009). This third concept of culture considers safety as a type of âorganizational expertiseâ that is âsituated in the system of ongoing practicesâ and âconstituted, institutionalized, and continually redefined and renegotiated within the organizing processes through the interplay between action and reflexivity.â Importantly, safety practices have âboth explicit and tacit dimensionsâ (Gherardi and Nicolini 2000, 329). They are behavioral habits and routines and are also expressed through artifacts. They are both âmaterial and mental and representationalâ (Gherardi and Nicolini 2000, 329). âRather than a specific organization of roles and learning pro- cesses or measurable set of attitudes and beliefs,â safety culture is understood as an aspirational goal to be achieved, however difficult and elusive, and âoften only one of a number of competing organizational objectivesâ (Silbey 2009, 356). Thus, an organization may require employees to wear personal protective equipment for the safe handling of contaminants. Over time, the quality of that equipment may decline as available materials and designs improve and as knowledge of contamination increases. The purchase of new equipment may be viewed as too expensive relative to some other purchase. The weighing of costs and benefits itself may express different safety commitments, and the criterion of safety may shift as the knowledge of risk and available mitigations develops. The effectiveness of implementing a safety culture depends on providing workers and managers with information about changing vulnerabilities and the means for addressing these vulnerabilities. It also depends on workers and man- agers continually revising approaches to work in efforts to remain sensitive to the possibility of failure and on their knowledge that they may be only partially aware of the possibilities for failure. A culture of safety depends on remaining dynami- cally, persistently engaged in self-assessments to avoid stale, narrow, or static representations of the dynamic and evolving paths to system failure. Management systems can offer tools for systematizing dynamic processes for self-assessment and responsive programming. Safety culture, like any other type of culture, will vary across organizations. The existence of just one or even only a few models of a good safety culture is continued
12 DESIGNING SAFETY REGULATIONS FOR HIGH-HAZARD INDUSTRIES Box 1-2â Continued unlikely, since a good safety culture expresses commitments to and is consonant with other local organizational norms and practices. If companies merge, the exis- tence and interaction of different cultures may create a significant risk, which was part of the background of the Texas City refinery explosion (Baker Panel 2007). with a given regulatory design. For example, if enough regulated firms lack the requisite resources and technical competencies to implement the requirements of a regulationâsuch as a rule that requires a small firm to develop and apply sophisticated risk assessment tools beyond its capaci- tiesâthe regulator may need to search for regulatory designs that are more compatible with the industryâs ability to comply. Similarly, a regulation with a design that is misaligned with the enforcement capacity of the regulator runs the risk of being ineffective if active enforcement is needed to ensure complianceâfor example, if a small agency inspection staff is expected to verify that hundreds of firms are complying with numerous detailed require- ments. Under these circumstances, the regulator may need to enhance its enforcement capacity or choose other regulatory designs that align better with its capacity. BSEE and PHMSA have concluded that requirements for SEMS and integrity management programs are essential in controlling the risks in the industries they oversee. Both agencies have had to address compliance challenges arising from a regulatory design that gives operators flexibility to craft and execute their risk management programs. Each agency has done so in various ways, including initiatives to assist industry with com- pliance, modifications of traditional inspection programs, and changes in the structure and dictates of the regulations. Details are given later in this report. These initiatives, as both regulators have learned, can be difficult to implement. They require a commitment of resources and understanding from policy makers who may not appreciate the complexity of controlling catastrophic risks through regulation. Regulators must therefore articulate why they are committed to a particular regulatory approach, even though they may lack clear quantitative evidence of its safety benefits. STUDY CHARGE These examples from BSEE and PHMSA show that government agencies face important choices about how to regulate through different regulatory
INTRODUCTION 13 designs. This study more closely examines these regulatory design choices and the factors that regulators must consider in making them, particularly when a major aim of the regulation is to prevent incidents in high-hazard industries. The study is intended to inform regulators of all high-hazard industries, including not only those involved in the production and trans- portation of oil and gas but also industries as diverse as the nuclear, chemi- cal manufacturing, marine transportation, and mining sectors. Although the scale and scope of the safety threat may vary among these industries, their respective regulators face similar challenges in designing regulations that promise to reduce the occurrence of low-frequency, high-consequence events. The study was sponsored by PHMSAâs Office of Pipeline Safety, which was responsible for making the decision nearly 20 years ago to augment its long-standing set of highly detailed and targeted regulations with one man- dating that pipeline operators establish integrity management programs. The decision was informed in part by experience in the United Kingdom and Norway. In those countries, regulators had supplemented their tradi- tional regulatory regimes with requirements for oil and gas companies to establish customized safety management systems to control the diverse risks arising from the design and operation of their offshore facilities. PHMSA was persuaded that because many of the hazardous liquid and gas pipeline systems it oversees are similarly varied in their design, configuration, opera- tions, and environmental setting, they too could benefit from a regulatory approach that emphasizes more context-specific risk management. PHMSAâs charge to the study committee is contained in the statement of task in Box 1-3. Informed by regulatory experience in the United States and abroad, the committee was expected to âidentify possible opportunities for, and constraints on, making greater use of [performance-based safety regulation]â and âmake recommendations about the application of this regulatory approach in high-hazard industries, such as off-shore oil and gas, pipelines, and other modes of transportation.â As PHMSA officials explained to the committee, the purpose of the study was not to advise on when government regulation is needed to address a safety problem but rather to assess options for how to design a regulation once the decision to intervene has been made. PHMSA has long referred to its integrity management regulations as âperformance-based.â As noted in the statement of task, this term has as- sumed multiple meanings. It is sometimes used in reference to regulations that require firms to achieve certain ends but without specifying the means of compliance. At other times it is used in reference to regulations that do not specify ends but require firms to apply management means while giv- ing them flexibility in customizing those means to circumstances. PHMSAâs integrity management regulation is an example of the latter design. Thus,
14 DESIGNING SAFETY REGULATIONS FOR HIGH-HAZARD INDUSTRIES Box 1-3 Study Statement of Task Many countries, including the United States, use forms of performance-based regulation to promote safety and reduce risk in high-hazard industries. The term âperformance-basedâ is often used to refer to (a) standards that mandate out- comes and give firms flexibility in how to meet them, or (b) requirements for firms to use management systems consisting of internal plans and practices for promot- ing safety and reducing risk. Performance-based regulation is usually contrasted with âprescriptiveâ regulationâsometimes called specification, design, or technol- ogy standardsâthat requires firms to adopt specific means to promote safety and reduce risks. This study will compare the advantages and disadvantages of prescriptive- and performance-based forms of safety regulation and identify pos- sible opportunities for, and constraints on, making greater use of the latter. The study will be informed by experiences of performance-based safety regulation in the United States and abroad and will make recommendations about the applica- tion of this regulatory approach in high-hazard industries, such as off-shore oil and gas, pipelines, and other modes of transportation. the assumption can be made that the agencyâs decision to sponsor this study was motivated largely by an interest in obtaining a better understanding of the opportunities for and constraints on making greater use of this form of so-called âperformance-basedâ regulation. The studyâs scope is limited to examining the choices that safety regula- tors face in designing their regulations. Regulators face many other deci- sions that do not necessarily hinge on the choice of a regulatory design. Specific enforcement strategies are among the topics not examined in this report, even though the term âperformance-basedâ is sometimes used in reference to the strategies that regulators pursue in enforcing their regula- tions. For example, a regulator may observe that a pipeline operator con- sistently meets all requirements for installing a corrosion control system or that a power plant consistently meets all limits on the emission of an air pollutant. A regulator may decide to subject firms with a record of con- sistent compliance to less intense enforcement activity (e.g., by reducing the reporting burden or the frequency of inspections made by regulatory personnel). This approach to enforcement is sometimes characterized as performance-based in the sense that it takes into account the performance of the regulated entity in complying with applicable regulatory commands (Coglianese and Nash 2014). However, an enforcement approach is dif- ferent from, and independent of, the design of regulatory commands. As indicated by the two examples just givenâa regulation prescribing means
INTRODUCTION 15 (installation of a pipeline corrosion control system) and a regulation defin- ing the outcome that must be achieved (keeping emissions below a certain level)âthe same enforcement strategy could be applied to regulations with fundamentally different designs. Similar observations could be made about the application of ârisk-basedâ strategies for enforcing regulations, because risk evaluations can be used to guide enforcement decisions about any type of regulatory design. Another matter that is not addressed in this report is how safety regu- lators choose the objectives of their regulatory interventions, such as the desired level of risk reduction. Other National Academy of Sciences stud- ies have addressed issues that deserve consideration by regulators when they are deciding on risk reduction approaches and objectives (Institute of Medicine 2009, 2013; National Research Council 1996). The risk reduction objective is an important choice, and the regulator may consider alterna- tive criteria for making that choice, such as the precautionary principle, the concept of âas low as reasonably practicableâ (ALARP), or efficiency and equity considerations.4 However, regardless of the criterion used, a regula- tory objective can be selected independently of regulatory design choices. For example, if the objective of a regulation is to reduce the risk of an activity by 50 percent or by 90 percent, the regulator in either case could prescribe the use of specific technologies expected to achieve the desired reduction level, or it could impose a mandatory performance standard and require that regulated entities achieve the desired reductions through any means they choose. The regulator can strive to bring about the risk reduc- tion with either regulatory design, and there is no reason to believe that one design is inherently more effective than the other in delivering the specified risk reduction objective. STUDY APPROACH A committee consisting of experts in regulation, risk analysis, and the management of firms in high-hazard industries was appointed to conduct the study. To gain a better understanding of its charge, the committee com- menced work by holding a series of information-gathering meetings to elicit 4â Precautionary principle: Minimize risk in a precautionary manner by limiting an activity whose suspected threats are not fully or well understood. ALARP: Reduce risks to the point where it is possible to demonstrate that the cost of reducing the risk further would be grossly disproportionate to the benefit gained. Efficiency: Reduce risks to the point where the marginal benefit equals the marginal cost. Equity: Reduce risks on the basis of fairness considerations, as instructed by Executive Order 12898, which directs U.S. federal agencies to identify and address the disproportionately high and adverse human health or environmental effects of their actions on minority and low-income populations to the greatest extent practicable and permitted by law.
16 DESIGNING SAFETY REGULATIONS FOR HIGH-HAZARD INDUSTRIES a wide range of views from regulators and other knowledgeable sources. The meetings included briefings given by pipeline regulators at the U.S. federal and state levels and Canadaâs federal level, representatives from North American pipeline companies, offshore oil and gas regulators from the United States and countries in the North Sea region, and representatives from the offshore oil and gas industries in the United States and the North Sea region. Participants are acknowledged in the Preface. The committee did not limit its information gathering to the pipeline and offshore sectors. It met with regulators and safety managers from sev- eral other sectors, including airline, railroad, and marine transportation; chemical manufacturing; and occupational health and safety. To further its understanding of regulatory implementation and evaluation processes, the committee met with experts on federal rulemaking and regulatory develop- ment and enforcement. Finally, the committee interviewed representatives from labor unions, whose members are directly affected by safety regula- tion, and heard from a local official of a coastal community with a keen interest in the safe performance of the offshore oil and gas industry. The information-gathering meetings provided the committee with in- sight into how regulators, regulated firms, and others perceive and experi- ence the design of safety regulations. Their perceptions and experiences varied widelyâas did the terminology they used to describe regulations. The same regulations were alternatively described by different individuals as ârisk-based,â âgoal-based,â âprinciple-based,â âmanagement-based,â and âperformance-based.â The term âprescriptiveâ was often used interchange- ably to describe regulations that were also called âtechnical,â âdesign- specific,â or âtechnology-based.â The terms âcommand-and-controlâ and âone-size-fits-allâ were sometimes used as alternatives to the âprescriptiveâ label, almost always with negative connotations. During these discussions, the inconsistent use of the term âperformance- basedâ was especially confounding. As originally understood by most com- mittee members, this term refers to regulations that specify a desired end or outcome. For example, a power plant may be required to limit sulfurÂ emis- sions to a given level but not be told how to achieve that level. The power plant operator is thus afforded leeway to select the most suitable means of limiting emissionsâby burning low-sulfur coal, installing scrubbers, or improving its energy conversion capacity, among others. This type of âperformance-basedâ regulation is the antithesis of what most members of the committee understood to be the usual definition of a âprescriptiveâ regulation, under which the regulator mandates the use of a particular means of compliance. For example, the power plant operator may be re- quired to use a particular emissions control technology such as a scrubber. Although references to âprescriptiveâ regulations were often consistent with this usual definition, sometimes the term was used to refer to any type
INTRODUCTION 17 of regulation that left regulated entities little room for flexibility. For ex- ample, regulations that are âperformance-basedâ in the sense noted above were sometimes characterized as âprescriptiveâ when the required level of performance could be met by only one technology or course of action. The committee also repeatedly heard the term âperformance-basedâ used to describe regulations that require firms to establish management systems. As discussed above, PHMSA uses this label to refer to its require- ment for the implementation of integrity management programs. BSEE also uses the term to describe its SEMS regulations (BSEE 2015, 8). The committee heard similar terminology in other high-hazard industries. A possible reason for calling such regulations âperformance-basedâ is that they often give firms flexibility to formulate and execute the specific ele- ments of their requisite management programs. Flexibility in the means of compliance is a hallmark of traditional performance-based regulations such as the sulfur emissions control regulation cited above (Bennear and Coglianese 2012). A fundamental difference is that regulations that require management programs are seldom accompanied by mandates that the pro- grams achieve specified safety outcomes, such as keeping pipeline failures or offshore incidents below a defined frequency. Indeed, regulations that require management systems have been characterized in the literature as having more in common with âprescriptiveâ regulations, because of the fact that they prescribe the use of specific management actions to ensure safety (Coglianese and Lazer 2003). The committee also surmises that the varied use of the term âperformance-basedâ may be reflective of broader policy interest in per- formance. In recent decades there is perhaps no more common element of efforts to reform government policies and programs than the demand for accountability through the quantification of outputs and outcomes (Moynihan 2008). In the United States, this emphasis has taken differ- ent forms. Federal legislation such as the Government Performance and Results Act (GPRA) of 1993 and the GPRA Modernization Act of 2010 requires all public-sector recipients of federal funds to report and make use of performance data. Policy-specific reforms in areas such as welfare (e.g., Personal Responsibility and Work Opportunity Reconciliation Act of 1996) and education (e.g., No Child Left Behind Act of 2002 and Every Student Succeeds Act of 2016) encourage the use of performance measures. Practices assumed to contribute to performance not only have been mandated by government but also have been embraced by professional groups whose members work in the public sector. The scope of interest has grown, and researchers have started to use the term âperformance regimesâ to describe ânot just the practices of measuring and managing performance indicators but also to capture the embedded nature of these practices in almost all aspects of contemporary governanceâ (Moynihan et al. 2011,
18 DESIGNING SAFETY REGULATIONS FOR HIGH-HAZARD INDUSTRIES 141). In view of the political legitimacy ascribed to performance as a tool of governing, the likelihood of any proposed policy reform, including a new regulatory policy, being accepted is presumably higher when it is described as âperformance-based.â However, a drawback of describing regulations that require manage- ment systems as âperformance-basedâ is that the description implies that regulators are holding firms accountable for achieving specified safety out- comes, such as demonstrable reductions in the frequency of incidents. In- deed, at the outset of the study, many of the committee members were under the impression that regulations requiring safety management systems were called performance-based because they required certain safety outcomes. Others who briefed the committee held similar views, which turned out to be incorrect. Because of the inconsistent and sometimes confusing use of the term âperformance-based,â the committee recognized a need for greater conceptual clarity about types of regulatory designs. The committee realized that this study offered an opportunity to provide such conceptual clarity and that such clarity was crucial for conducting the study and for improv- ing regulatory decision making. The committee, informed by the regulatory studies literature, thus developed and applied a conceptual framework for categorizing and comparing types of regulations according to their main design features. The framework, which is described in Chapter 2, is used throughout the remainder of this report. While the conceptual framework can be applied to regulations from all fields, the committee was charged with providing advice specifically about the design of regulations to ensure safety in high-hazard industries, as informed by experiences in the United States and abroad. Accordingly, an important component of this study was the development of several detailed case studies of regulation of different high-hazard industries in the United States, Canada, and Europe. The four case studies that are providedâdrawn from the regulation of the pipeline and offshore oil and gas sectorsâare intended to illustrate the conceptual framework adopted by the committee and the array of implementation, compliance, and en- forcement issues that accompany regulation design types applied in dif- ferent high-hazard industries under different conditions. The case studies also offer insight into why some regulatory regimes have evolved as they haveâfor example, by relying to varying degrees on one or more regula- tory design types. The case studies illuminate and enrich the committeeâs discussion of the key factors that safety regulators must consider in making choices about how to regulate. In view of PHMSAâs interest in âperformance-basedâ regulations, which the committee interprets as regulations that require management pro- grams, the report pays particular attention to the use of management-based regulations in high-hazard industries. The committee came to recognize the
INTRODUCTION 19 special challenges that regulators of these industries face in identifying and designing regulations to control the many complex sources of risk and in determining whether their regulations are reducing the potential for major incidents. The observations and advice set forth in this report are thus of- fered in a constructive spirit. Their aim is to improve the ability of PHMSA and other regulators of high-hazard industries to make regulatory design choices suited to particular conditions and to explain these choices to policy makers and the public. REPORT ORGANIZATION The remainder of the report is organized into five chapters. Chapter 2 de- fines key terms used in the report and provides a conceptual framework for categorizing regulations into basic design types. The framework is based on a common nomenclature that can overcome the confusion described above when overlapping and normatively weighted terminology is used. The framework is then applied as a means of comparing designs to address different problems under different conditions. Chapter 3 illustrates this framework with examples of regulations from two different high-hazard industriesâspecifically the pipeline industries in the United States and Canada and the offshore oil and gas industries in the United States, the United Kingdom, and Norway. The framework could be applied in much the same way to understand the different types of regulatory designs used by other governmental entities in regulating other high-hazard industries. On the basis of the conceptual framework and information gleaned from the literature and the case studies, Chapter 4 identifies factors for regulators to consider when they choose from among regulatory design types and structures. The discussion shows how commonly held views of the advantages and disadvantages of design typesâwhether characterized as âprescriptive,â âperformance-based,â or something elseâcan be overly generalized and potentially misleading as a guide for making regulatory choices suited to particular problems and conditions. In response to the sponsorâs interest in the use of regulations that require management pro- grams to ensure safety in high-hazard industries, Chapter 5 more closely examines conditions that can affect the use of these regulations in this context. Chapter 6 contains a summary assessment of key observations emerging from this study and advice in support of better-informed regula- tory decision making.
20 DESIGNING SAFETY REGULATIONS FOR HIGH-HAZARD INDUSTRIES REFERENCES Abbreviations ACS American Chemical Society BSEE Bureau of Safety and Environmental Enforcement TRB Transportation Research Board ACS. 2012. Creating Safety Cultures in Academic Institutions. Washington, D.C. Baker Panel. 2007. The Report of the B.P. U.S. Refineries Independent Safety Review Panel. http://www.csb.gov/assets/1/19/Baker_panel_report1.pdf. Bennear, L. S. 2015. Positive and Normative Analysis of Offshore Oil and Gas Drilling Regu- lations in the U.S., U.K., and Norway. Review of Environmental Economics and Policy, Vol. 9, No. 1, pp. 2â22. Bennear, L. S., and C. Coglianese. 2012. Flexible Approaches to Environmental Regulation. In Oxford Handbook of U.S. Environmental Policy (S. Kamieniecki and M. E. Kraft, eds.), Oxford University Press, Oxford, United Kingdom. BSEE. 2010. Final Rule. Oil and Gas and Sulphur Operations in the Outer Continental ShelfâSafety and Environmental Management Systems. Federal Register, Vol. 75, No. 199, Oct. 15, pp. 63609â63654. BSEE. 2015. Annual Report 2015. U.S. Department of the Interior, Washington, D.C. Carrigan, C., and C. Coglianese. 2012. Oversight in Hindsight: Assessing the U.S. Regulatory System in the Wake of Calamity. In Regulatory Breakdown: The Crisis of Confidence in the U.S. Regulation (C. Coglianese, ed.), University of Pennsylvania Press. Coglianese, C., and D. Lazer. 2003. Management-Based Regulation: Prescribing Private Man- agement to Achieve Public Goals. Law and Society Review, Vol. 37, No. 4, Dec., pp. 691â730. Coglianese, C., and J. Nash. 2014. Performance Trackâs Postmortem: Lessons from the Rise and Fall of EPAâs âFlagshipâ Voluntary Program.Â Faculty Scholarship, 1233.Â http:// scholarship.law.upenn.edu/faculty_scholarship/1233. Deepwater Horizon Study Group. 2011. Final Report on the Investigation of the Macondo Well Blowout. Center for Catastrophic Risk Management, University of California, Berkeley, March 1. Gherardi, S., and D. Nicolini. 2000. To Transfer Is to Transform: The Circulation of Safety Knowledge. Organization, Vol. 7, No. 2, pp. 329â348. Institute of Medicine. 2009.Â Environmental Health Sciences Decision Making: Risk Man- agement, Evidence, and Ethics: Workshop Summary. The National Academies Press, Washington, D.C. Institute of Medicine. 2013.Â Environmental Decisions in the Face of Uncertainty. The National Academies Press, Washington, D.C. Moynihan, D. P. 2008. Public Management in North America: 1998â2008.Â Public Manage- ment Review, Vol. 10, No. 4, pp. 482â492. Moynihan, D. P., S. Fernandez, S. Kim, K. LeRoux, S. J. Piotrowski, B. E. Wright, and K. Yang. 2011. Performance Regimes Amidst Governance Complexity.Â Journal of Public Administration Research and Theory,Â Vol. 21, pp. i141âi155. National Academy of Engineering and National Research Council. 2012. Macondo Well Deep- water Horizon Blowout: Lessons for Improving Offshore Drilling Safety. The National Academies Press, Washington, D.C.
INTRODUCTION 21 National Commission on the BP Deepwater Horizon Oil Spill and Offshore Drilling. 2011. Deep Water: The Gulf Oil Disaster and the Future of Offshore DrillingâReport to the President. Government Printing Office, Washington, D.C., Jan. National Research Council. 1996.Â Understanding Risk: Informing Decisions in a Democratic Society. National Academy Press, Washington, D.C. Perrow, C. 1984. Normal Accidents: Living with High-Risk Technologies. Princeton University Press, Princeton, N.J. Perrow, C. 1999. Normal Accidents: Living with High-Risk Technologies, Updated Edition. Princeton University Press, Princeton, N.J. Perrow, C. 2007. The Next Catastrophe. Princeton University Press, Princeton, N.J. Research and Special Programs Administration. 1999. Notice of Proposed Rulemaking: Pipe- line Safety: Pipeline Integrity Management in High Consequence Areas. Federal Register, Vol. 65, No. 79, April 24, pp. 21695â21710. Research and Special Programs Administration. 2000. Final Rule: Pipeline Safety: Pipeline In- tegrity Management in High Consequence Areas (Hazardous Liquid Operators with 500 or More Miles of Pipeline). Federal Register, Vol. 65, No. 232, Dec. 1, pp. 75378â75411. Silbey, S. S. 2009. Taming Prometheus: Talk About Safety and Culture. Annual Review of Sociology, Vol. 35, pp. 341â369. TRB. 2016. Special Report 321: Strengthening the Safety Culture of the Offshore Oil and Gas Industry. Transportation Research Board, Washington, D.C. Tumulty, K. 2010. Obama Struggling to Show Heâs in Control of Oil Spill. The Washington Post, May 28. Weick, K. 1987. Organizational Culture as a Source of High Reliability. California Manage- ment Review, Vol. 29, pp. 112â127.