1

ENVIRONMENTALAUDITS,SELF-DISCLOSURE

AND

ENVIRONMENTALINSPECTIONS

Presented by:

Brad Sugarmanbsugarman@taftlaw.com

Jeff Stemerickjstemerick@taftlaw.com

What is an Environmental AuditPrivilege or Immunity?

What is an Environmental AuditPrivilege or Immunity?

• Environmental audit laws typically haveone or both of the following:

– An evidentiary and disclosure privilege thatmakes an audit report not subject to discoveryand inadmissible in court.

– Immunity from some penalties or enforcementfor violations that are discovered andvoluntarily disclosed.

2

2

Federal & State PoliciesFederal & State Policies

FEDERAL POLICIES

United States EnvironmentalProtection Agency

– Audit Policy, 65 Fed. Reg. 19,618 (April 11, 2000)

• Officially titled “Incentives for Self-Policing: Discovery,Disclosure, Correction and Prevention of Violations.”

– Small Business Compliance Policy, 65 Fed. Reg.19,630 (April 11, 2000)

3

Policy ObjectivePolicy Objective

4

3

Federal & State ProgramsFederal & State Programs

STATE POLICY

Indiana Department of EnvironmentalManagement

– Self-Disclosure and Environmental Audit Policy

» Adopted April 5, 1999

» Revised on November 16, 2006, and again onFebruary 5, 2010

5

• USEPA encourages self-auditing

• USEPA Incentives for Self-Policing (April 2000):

• Can eliminate up to 100% of gravity basedpenalties (may still impose economic benefitpenalty)

• Will not recommend criminal prosecution• Will not make routine requests for audit report

• Protection for New Owners (2008): provides incentivesfor owners of new companies (acquisitions/mergers) toconduct self-audits

6

Why? Penalty ReductionWhy? Penalty Reduction

4

Why? NextGen ComplianceWhy? NextGen Compliance

• eDisclosure Portal

• Coming Fall 2015

• CBI cannot be submitted througheDisclosure

• Two-Tiered system with differentresolutions:

7

What is Next Generation Compliance?What is Next Generation Compliance?

8

5

Why? SustainabilityWhy? Sustainability

• Detailed review of environmental practicesmay lead to money saving ideas

– Elimination of hazardous waste streams inmanufacturing operations

– Greening supply chain

– Improving best practices

9

S u s t a i n a b i l i t yS u s t a i n a b i l i t y

1. Reject sustainability - INACTION

2. Bare minimum - DOING THE ABSOLUTE MINIMUM

TO STAY IN BUSINESS

3. Seen as a cost - PHILANTHROPIC ACTIVITY THAT

IS JUST A COST

4. Cutting Costs - REDUCE CONSUMPTION

5. Risk Management – REDUCE RISK

6. Indirect Benefits –BETTER EMPLOYEES &

SUPPLIERS

7. Opportunities –NEW PRODUCTS & MARKETS

8. Strategic Approach –COHESIVE DIRECTION

9. Integration –EVERYONE AT EVERY LEVEL

10. Continuous Improvement –REFLECTION &

REVISION

Not onBoard

OnBoard

10

6

• No gravity-based penalties will be assessed againstentities for violations discovered and disclosed pursuantto the audit policy. The entity may still be subject to apenalty equaling the amount of economic gain it receivedfrom the violation

• EPA will reduce the gravity-based penalties by 75% forviolations that were not discovered through anenvironmental audit or through a compliancemanagement system, but otherwise meet all the otherrequirements of the audit policy

• EPA will neither request nor use an environmental auditreport to initiate a civil or criminal investigation, and willnot request an environmental audit report during routineinspections

11

EPA Self-Audit Policy:Scope of Immunity (Civil)

EPA Self-Audit Policy:Scope of Immunity (Civil)

EPA Self-Audit Policy:Scope of Immunity (Criminal)

EPA Self-Audit Policy:Scope of Immunity (Criminal)

• EPA will not recommend to the Department of Justice that criminalcharges be brought against an entity that discloses a potentialcriminal violation pursuant to the audit policy (even if the violationwas not discovered through an environmental audit or a compliancemanagement system), unless EPA determines that the violation ispart of a pattern or practice involving:

– A prevalent management practice that conceals or condonesenvironmental violations; or

– High-level corporate officials’ or managers’ conscious involvement in, orwillful blindness to, violations of environmental laws.

• The audit policy only protects the entity itself. It does not protectemployees. EPA may still recommend the prosecution of criminalacts committed by individual employees and managers, even if thecompany complies with the audit policy.

12

7

The Nine ConditionsThe Nine Conditions

1. Systematic Discovery

2. Voluntary Discovery

3. Prompt Disclosure

4. Independent Discovery and Disclosure

5. Correction and Remediation

6. Prevent Recurrence

7. No Repeat Violations

8. Certain Violations Excluded

9. Cooperation

13

Condition #1:Systematic Discovery

Condition #1:Systematic Discovery

• The violation must be discovered through anenvironmental audit or a compliancemanagement system reflecting the regulatedentity’s due diligence in preventing, detecting,and correcting violations

• EPA will still reduce gravity-based penalties by75% if this condition is not met

• This condition is not necessary for the criminalcomponent of the audit policy

14

8

Condition # 2:Voluntary Discovery

Condition # 2:Voluntary Discovery

• The disclosure must be voluntary and not throughlegally mandated monitoring or sampling requiredunder the law, a permit, judicial order, or consentdecree. The following disclosures are not “voluntary”:

– Emissions violations detected through a continuousemissions monitoring device where such monitoring isrequired

– Violations of an NPDES permit detected through requiredsampling or monitoring

– Violations discovered through a compliance audit requiredto be performed by a consent decree or settlementagreement (unless the audit is a component of acomprehensive environmental management system to beimplemented under the settlement agreement)

15

Condition # 3:Prompt Disclosure

Condition # 3:Prompt Disclosure

• The violation is fully disclosed to the EPAin writing within 21 days of discovery(unless a statute or regulation requires aparticular violation to be reported in ashorter time period)

• “Discovery” occurs when an officer,director, employee or agent has anobjectively reasonable basis for believingthat a violation has, or may have, occurred

16

9

Condition #4:Independent Discovery & Disclosure

Condition #4:Independent Discovery & Disclosure

• The violation must be discovered and disclosedbefore any of the following occurs:

– Federal, local, or state government begins aninspection or investigation or issues an informationrequest

• If the EPA determines that the entity did not know its facilitywas under investigation, and the disclosure of a violation wasmade in good faith, the EPA may use its discretion and waiveor reduce penalties

– Notice of a citizen suit

– The filing of a complaint by a third party

– The reporting of the violation by a whistlebloweremployee

– Imminent discovery by a regulatory agency17

Condition # 5:Correction & Remediaiton

Condition # 5:Correction & Remediaiton

• The violation must be corrected within 60 daysof discovery

• An extension may be requested from EPA, butthe EPA may require a written settlementagreement, administrative consent order, orconsent decree as a condition of obtaining reliefunder the audit policy

• EPA reserves the right to order correction orremediation in less than 60 days if a shorter timeperiod is feasible and is necessary to protectpublic health and the environment

18

10

Condition # 6:Prevent Recurrence

Condition # 6:Prevent Recurrence

• The regulated entity must agree in writingto take steps to prevent recurrence of theviolation

• Preventative steps could includeimprovements to environmental auditingefforts or compliance managementsystems

19

Condition # 7:No Repeat Violations

Condition # 7:No Repeat Violations

• The same violation (or a closely relatedviolation), has not occurred within the past3 years at the same facility, and has notoccurred within the past 5 years as part ofa pattern at multiple facilities owned by thesame entity.

• The clock begins to run when the violatoris given notice of a specific violation by thegovernment or a third party not when theviolation occurred

20

11

Condition # 8:Certain Violations Excluded

Condition # 8:Certain Violations Excluded

• Penalty reduction is not available for:

– Violations that result in serious actual harm

– Violations that may have presented animminent and substantial endangerment topublic health or the environment

• This exclusion does not necessarily precludeapplication of the Audit Policy solely because theviolation resulted from a release of pollutant

– Violations of the specific terms of a judicial oradministrative order or a consent agreement

21

Condition # 9:Cooperation

Condition # 9:Cooperation

• The regulated entity must cooperate withthe EPA and provide such information asis necessary for EPA to determine theapplicability of the audit policy.

• The entity must not hide, destroy, ortamper with evidence once a violation isdiscovered.

22

12

EPA Self-Audit Policy:The Self-Disclosure Letter

EPA Self-Audit Policy:The Self-Disclosure Letter

• Disclosure letter must address the nine prerequisites forPolicy protection

• EPA may choose only to mitigate the penalty, anddepending on other factors, choose enforcement action

• Check prior history of company compliance, includingother locations. The Policy is less likely to provideprotection for repeat offenders

• Expect EPA to follow-up.

23

EPA Small Business PolicyEPA Small Business Policy

• EPA will waive gravity-based penalties if allconditions are met

• Applies to entities with 100or fewer employees

• Provides no criminal protection

24

13

EPA Small Business Policy: ConditionsEPA Small Business Policy: Conditions

• Voluntary discovery

• Prompt disclosure– Written disclosure must be made within 21 days

• Prompt Correction– Violations must be corrected in 90 or 180 days with

the submission of a written schedule

– Correction requiring installation of pollution preventionmeasures may take 360 days to correct

25

When EPA’s SmallBusiness Policy Does Not Apply

When EPA’s SmallBusiness Policy Does Not Apply

• The business has previously received a warning letter,NOV, field citation, citizen suit, or other enforcement for thesame violation in the last three years

• There has been a penalty reduction under the policy or asimilar state policy in the last three years

• Subject to two or more enforcement actions involving anyenvironmental regulation in the past five years

• Violation discovered through an information request, inspections,field citations, reported to the agency by a third party orwhistleblower employee, identified in notices of citizens suits*

• The violation is discovered through a monitoring or samplingrequired by statute, regulation, permit, or judicial or administrativeorder

• The violation caused actual serious harm to public health, safety,or the environment

• The violation involves criminal conduct

26

History ofNon-compliance

14

EPA’s Audit Policy for NewOwners

EPA’s Audit Policy for NewOwners

• Interim Approach to Applying the Audit Policy to NewOwners, 73 Fed. Reg. 44991 (Aug. 1, 2008)

• Effective August 1, 2008

• New owners have an opportunity to make a “clean start”

• Provides tailored incentives for penalty mitigation

• Extends deadlines for disclosure and includes certainmandatory disclosures as eligible

27

Indiana’s Self-Audit & Self-Disclosure Protection

Indiana’s Self-Audit & Self-Disclosure Protection

• Very similar to USEPA Policy

• Statute: creates a privilege to protect the self-audit

• Nonrule Policy: establishes reductions in penalties forself-disclosure

• Up to 100% civil penalty reduction through voluntarydisclosure

• No enforcement for violations where the conditions aresatisfied

28

15

Indiana’s Audit ProtectionConditions

Indiana’s Audit ProtectionConditions

• Nine Conditions, almost identical to the USEPA policy

• Discovered voluntarily through audit or systematicevaluation

• Disclosure within 45 days (as opposed to 21)

• Correct violations within 60 days

• Agree in writing to prevent recurrence

• Label: “Environmental Audit Report; PrivilegedDocument”

29

Indiana’s Statutory ProtectionIndiana’s Statutory Protection

• An internal, voluntary audit is privileged and inadmissiblein civil cases (exceptions for criminal matters, fraud, andfailure to make efforts to achieve compliance)

• Can be waived by giving it to IDEM

• Attorney-client and work-product privileges continue toapply if applicable

30

16

What is anEnvironmental Audit?

What is anEnvironmental Audit?

• A systematic, documented, periodic and objective reviewby regulated entities of facility operations and practicesrelated to meeting environmental requirements

• USEPA’s Audit Policy (2000)

• A systematic, documented and objective review of anaudited entity to evaluate its compliance status relativeto audit criteria

• ASTM Standard E2107-06 (Reapproved 2014)

• ISO 14001 Certification Process

31

What is a

Compliance Management System?What is a

Compliance Management System?

• A “Compliance Management System”encompasses the regulated entity’sdocumented systemic efforts, appropriateto the size and nature of its business, toprevent, detect and correct violationsthrough six required components.

32

17

Compliance Management Systems:Six Criteria

Compliance Management Systems:Six Criteria

1. Compliance policies, standards and procedures thatidentify how employees and agents are to meet therequirements of laws, regulations and other sources ofauthority for environmental requirements

2. Assignment of overall responsibility for overseeingcompliance with policies, standards and procedures,and assignment of specific responsibility for assuringcompliance at each facility or operation

3. Mechanisms for systematically assuring thatcompliance policies, standards and procedures arebeing carried out

33

Compliance Management Systems:Six Criteria

Compliance Management Systems:Six Criteria

4. Efforts to communicate effectively the regulated entity’sstandards and procedures to all employees and otheragents

5. Appropriate incentives to managers and employees toperform in accordance with the compliance policies,standards and procedures, including consistentenforcement through appropriate disciplinary mechanisms

6. Procedures for the prompt and appropriate correction ofany violations, and any necessary modifications to theregulated entity’s compliance management system toprevent future violations

34

18

Key Concepts:Audit Plan

Key Concepts:Audit Plan

• Document that describes the audit. Components include:

35

Objective Health & SafetyIssues

Special conditions

Scope of the Audit Report Preparation Communication

Identity of theaudited entity

Record retentionand managementrequirements

Confidentiality

Audit Schedule Working papersmanagement

Logistics

Audit Team Authority for audit

Environmental Compliance Audits -

BenefitsEnvironmental Compliance Audits -

Benefits

1. Reduction or elimination of potential legal and financial liabilities

2. Can improve compliance with legislative and regulatoryrequirements

3. Better communication and improved relationships withgovernmental agencies

4. Identification of opportunities for environmental managementsystem (EMS) improvements

5. Provides information for the development of both short-term andlong-term expenditures

6. Increase employee awareness of environmental policies andresponsibilities

7. Helps to identify areas of employee training programs

36

19

Additional BenefitsAdditional Benefits

– Can be part of a larger environmental assessment ofbusiness operations

– Identify cost-saving opportunities (waste minimization,elimination of processes that have inherentenvironmental risk)

– Prevents pollution and eliminates waste

– Can facilitate access to new markets

– Can be a catalyst to continually improve operations

– Helps in attracting a high-quality work force

– Can create community goodwill

– Can eliminate criminal exposure

37

Environmental Compliance Audits-

RisksEnvironmental Compliance Audits-

Risks

1. Increased potential legal and financial liabilities for thecompany if audit findings are not corrected or are notcorrected in a timely manner

2. Disclosure of confidential business information (CBI) ortrade secrets

3. Inadvertent admissions against interest because of thewording of the audit findings

4. Disclosure of findings intended to be kept confidentialunder audit privilege laws or attorney-client privilege orwork-product doctrine

5. Inaccurate audit findings

38

20

Preparing the Audit Findings:Legal Issues

Preparing the Audit Findings:Legal Issues

1. Qualifying for and maintaining evidentiary privileges

2. Qualification for and maintaining limited immunity

3. Protecting trade secrets and confidential businessinformation

4. Audit language – what you say and do not say

5. Potential liability for the auditors

6. Appropriately addressing audit findings

39

Implementing an EnvironmentalAuditing Program

Implementing an EnvironmentalAuditing Program

• Strategic considerations: what are your objectives?

• Is the company prepared to fix what you find?

• Is this a “one-off”, or part of a systematic plan?(document systematic approach and schedule regularaudits)

• Forming the audit team and assigning duties

40

21

Instructions to Audit TeamPrior to Audit

Instructions to Audit TeamPrior to Audit

• Level of involvement of plant personnel

• Confidentiality: Company Legal Department involvement

• Suggestions regarding recording of observations andfindings

• Audit Report: format, drafts, final, recipients

• Corrective Measures follow-up

• When tempted to use e-mail…..stop….keep it verbal

41

Do’sDo’s

• Hand-pick your audit team carefully (attitude,competence, ability to work with others, including hourlyemployees, can-do approach)

• The team should meet prior to the audit to understandrespective roles

• Give precise instructions: map it out

• Interim verbal reporting to Team Leader of significantfindings

• Verbal internal reporting of violations of law to CompanyLegal Department

• Correction of issues on the spot42

22

Do’sDo’s

• Conduct document review and review theirorganization

• Encourage good housekeeping [No. 1 EPAobservation]

• Consider unannounced audits

43

Don’tsDon’ts

• Discuss the audit with anyone outside the team

• Write e-mails discussing the audit

• Take photos unless cleared with legal first

• Confront employees

• Jump to conclusions

44

23

Avoiding PitfallsAvoiding Pitfalls

• Carefully evaluate self-reporting vs. notice of violationfrom regulatory agency: if the matter is likely to come tothe attention of the agency, the pendulum swings towardself-reporting, even if self-disclosure policies may notapply

• Keep your internal audit team small and confidential: setthe ground rules first

• Follow the environmental audit privilege and self-disclosure requirements

• Before commencing the audit, ensure that companymanagement understands that corrective measures maybe required.

45

Are You Fully Protected if YouFollows These Steps?

Are You Fully Protected if YouFollows These Steps?

• No. Third-party citizens’ suits underenvironmental laws (RCRA, CWA, CAA) maynot be barred.

• No. Private-party nuisance, trespass and bodilyinjury claims are not barred.

• On balance, is self-disclosure the right decision?Answer: A fact-specific analysis is required. Thedisclosure clock is ticking.

46

24

Other StatesOther States

• Arizona (03/97, small business only, 05/98, small business only, 01/02) – Must haveless than 20 employees or less than $2 million in gross income. Must disclose within10 days

• Arkansas (2008) – Must disclose within 21 calendar days

• California (07/96, 12/98, 10/03) – Must disclose within 21 working days (or suchshorter period provided by law)

• Connecticut (10/96, 03/00, 04/05/02, 07/04) – Must disclose within 30 days (or suchshorter period provided by law)

• Delaware (04/94, 04/97, 06/00, 06/02, 12/02, 03/03, 09/03) – Must disclose within 21days

• Florida (04/96) – Must disclose within 10 days

• Hawaii (01/98) - * No mention of a timeframe

• Indiana (04/5/99, 11/06, 02/10) – Must disclose within 45 days (or such shorter periodprovided by law)

• Maine (01/96, 02/96) (only applicable to small business) – The business mustemploy 100 or fewer employees company-wide to be eligible. Must correct theviolation within 90 days from discovery

47

Other StatesOther States

• Maryland: Must disclose within 10 days

• Massachusetts: Must disclose within 21 days (or such shorter periodprovided by law)

• Minnesota: No self-disclosure policy. Statutory protection provided forparticipants in complex MN Environmental Improvement Program. Underthis program, must disclose within 45 days

• New Mexico: Must disclose within 10 days (or such shorter period providedby law)

• New York: Must disclose within 30 calendar days

• North Carolina: Must disclose “voluntarily and promptly”

• Oklahoma: Must disclose voluntarily, promptly, and fully before the Divisionlearns of the violation or is likely to learn of it imminently

• Oregon: Must disclose within 21 days

• Pennsylvania: Must disclose “promptly after the information or knowledgeconcerning the violation is discovered”

• South Carolina: Statutory privilege and immunity (Sec. 48-57-10)

48

25

Other StatesOther States

• Tennessee: Must disclose within 21 days (policy document)

• Texas: Must notify TCEQ that audit is to commence to takeadvantage of immunity, but audit report remains privileged if noticenot provided (provision is statutory)

• Vermont: Must disclose within 10 days (or such shorter periodprovided by law)

• Washington: No timeframe, but disclosures and the timeliness ofsuch disclosures are considered as mitigating factors

• Wyoming: Must disclose within 60 days

• Wisconsin: Requires notification to DNR 30 days prior to audit; auditreport must be submitted to DNR with corrective action plan(provision is statutory)

49

Handling InspectionsHandling Inspections

• Be cordial and cooperative

• Denying access will invite anadministrative or judicial search warrant

– Denying access will likely set the tone for amore thorough inspection

– Interfering with execution of a search warrantcan result in criminal penalties

• Being combative or uncooperative will onlymake things worse

50

26

When the Inspector ArrivesWhen the Inspector Arrives

• Request credentials and make a copy ofbusiness cards

• Ask the inspector why he has come andwhat he is inspecting

• Assign an employee to accompany theinspector

– It is helpful to have a second employee totake notes

• The inspector should wear all appropriatepersonal protective equipment and followall safety rules 51

Handling InspectionsHandling Inspections

• The inspector can take photos or videos ofappropriate areas

• Consider split sampling

• Prevent wandering

• Records Inspections

– Be sure to separate privileged documents andsensitive communications

52

27

After the InspectionAfter the Inspection

• Closing Conference Tips

– Correct violations before the inspector leavesif possible

– Document the inspector’s comments

– Ask if there are best management practicesthat should be improved

• IDEM inspectors must orally discloseviolations during the inspection

53

Confidential Business InformationConfidential Business Information

• Both EPA’s and IDEM’s regulations allow for theconfidential treatment of confidential businessinformation (“CBI”)

• Only certain information defined by regulation qualifiesas CBI

• The CBI claim process must be strictly followed or theconfidentiality claim may be waived

• EPA’s CBI regulations: 40 C.F.R. pt. 2, sub. pt. B.

• IDEM’s CBI regulations: 326 IAC 17.1-4; 327 IAC 12.1-4; 329 IAC 6.1-4; 329 IAC 3.1-13-4

54

28

CBI: What’s Confidential (EPA)CBI: What’s Confidential (EPA)

• Information qualifies as CBI if all of thefollowing is demonstrated:

– A confidentiality claim has been made thathas not expired or been withdrawn;

– The business takes reasonable measures toprotect the confidentiality of the informationand intends to continue to take suchmeasures;

– The information cannot be obtained withoutthe business’s consent or by the use oflegitimate means (excluding discovery duringlitigation);

55

CBI: What’s Confidential (EPA)CBI: What’s Confidential (EPA)

• Continued:

– No statute specifically requires disclosure;

– Either:

• Disclosure of the information is likely to causesubstantial harm to the business’s competitiveposition; or

• If the information is voluntarily submitted, itsdisclosure would likely impair the government’sability to obtain information in the future.

– Information is “voluntarily submitted” if EPA has noauthority to require disclosure and submission of theinformation is not required to obtain some benefit fromthe EPA

56

29

CBI: What’s Not Confidential (EPA)CBI: What’s Not Confidential (EPA)

• Emissions data submitted under the CleanAir Act

• Effluent data submitted under the CleanWater Act

• Health and safety data submitted underthe Toxic Substances Control Act

57

CBI: Claiming Confidentiality (EPA)CBI: Claiming Confidentiality (EPA)

• Confidentiality claims must be made at the timethe information is submitted

• Must include a cover sheet, stamp, or othersuitable marking indicating that the document isconfidential

• Confidential portions of otherwisenonconfidential documents must be clearlyidentified

• The business should explain why the informationsubmitted qualifies as CBI

58

30

When EPA Evaluates Confidentiality ClaimsWhen EPA Evaluates Confidentiality Claims

• When it receives a FOIA request seekinginformation designated as CBI

• When it determines that it is likely to receive aFOIA request for the information sometime in thefuture

• Whenever it wants to

• EPA will make advance CBI determinations insome circumstances

59

CBI: What’s Confidential (IDEM)CBI: What’s Confidential (IDEM)

• Trade secrets

– Information that derives economic value fromnot being generally known and is not readilyascertainable by proper means; and

– Is subject to reasonable efforts to maintainsecrecy

• Confidential financial information

• Information required to be kept confidentialby federal law

60

31

CBI: What’s Not Confidental (IDEM)CBI: What’s Not Confidental (IDEM)

• Effluent data

• Information that deals with the existenceof, absence of, or level of contaminants ondrinking water

• Standards and limits included in anNPDES Permit

• Emissions Data

61

Claiming Confidentiality (IDEM)Claiming Confidentiality (IDEM)

• A written claim of confidentiality must bemade at the time the information issubmitted to IDEM

• The confidential information must bemarked as confidential either with:

– A cover sheet; or

– A confidential stamp on each page of theconfidential information

62

32

Claiming Confidentiality (IDEM)Claiming Confidentiality (IDEM)

• A full justification for confidential treatment mustbe submitted to IDEM within 5 working days ofsubmitting information. It must include:

– Information showing that the submission qualifies forconfidential treatment;

– Whether IDEM has previously determined theconfidentiality of the information;

– The period of time that confidentiality is requested (75years is the max); and

– If the CBI claim is based on IDEM’s discretion, youmust state:• The authority that requires submission of the information; and

• Facts demonstrating why the information may be treated asCBI 63

64