Plains All American Pipeline, a major player in the oil and gas industry, faces $2.8 million in fines, and a grand jury indicted the company on 46 criminal charges – four of them felonies – according to The Wall Street Journal.
Additionally, a Plains employee is being individually charged and faces a multi-year prison term. This is part of a trend set in motion in 2015, when the Department of Justice announced a new policy. It now prosecutes corporate individuals for negligence in risk and compliance management, escalating the priority of holding guilty parties accountable.
This news is the result of a 2015 oil spill that occurred when a “corroded pipeline…spilled nearly 3,000 barrels of oil onto a beach and into the Pacific Ocean near Santa Barbara.” The transportation secretary has concluded that a series of “preventable errors” led to the incident.
The DOJ’s new policy has increased the pressure – already in the form of fines, penalties, and class action lawsuits – on corporations for improved risk management practices. With strong ERM systems, as was the case with Morgan Stanley, a company can provide evidence that proper practices (risk assessments, controls, and monitoring) were in place. This documentation can and has helped companies avoid all charges.
Other times, as was the case with Plains, individual liability is simply added to company-wide liability. The company did not have an appropriate risk management system in place, which has two implications:
Had Plains been using ERM software, it would likely have prevented the spill. Even if the errors weren’t corrected in time, however, an ERM system would have maintained a historical record of the company’s actions. Liability could have been limited to the negligent employee.
"Preventable errors" are synonymous with "failure in risk management" and "negligence"
Risk management negligence has been receiving increased attention in recent months, as reflected by our blog. More and more companies – public and private, large and small – are being penalized for negligence, oftentimes when no incident has occurred.
Heavy negligence penalties might seem harsh if a company hasn’t suffered an incident, but they exist for good reason. This pipeline spill is a perfect example; when regulators crack down on risk management negligence, they aren’t simply punishing compliance violations. They’re sending a message: without robust risk management, companies are risking themselves, their stakeholders, and in some cases, the welfare of third parties and the health of our environment.
The “preventable errors” that led to the Plains All American Pipeline rupture include severe corruption of the pipeline itself, insufficient pipeline inspection resources, and a lack of “adequate procedures and systems in place to keep such a spill from escalating into an emergency,” according to The Wall Street Journal.
Two components of minimizing risk: prevention and response
Risk mitigation, if effective, prevents risks like oil spills. Since risk is by nature unpredictable, however, companies need to also develop forward-looking response strategies, whether to a spill or another sort of incident. This holds especially true for organizations like energy companies, which frequently handle raw or hazardous materials.
Plains All American Pipeline failed to adopt an effective risk-based approach to regulations, both from the National Energy Board and otherwise. It also failed to use an ERM system to proactively reduce the likelihood of a spill. It neglected inspections and didn’t properly analyze results when inspections did occur. The NEB’s Onshore Pipeline Regulations now tie together provisions of other acts and require companies to maintain effective risk management processes.
A report published by the Pipeline and Hazardous Materials Safety Administration determined that if the pipeline used a different inspection tool, its chances of preventing the spill would have been higher. This is the consequence of risk management negligence.
The key lesson from this case is that risk management negligence can have catastrophic consequences far and beyond customer deception, infected food, or a severely battered reputation. Risk managers have a growing set of facts that should convince leadership to adequately support their risk management programs.
Plains estimates it will ultimately pay $269 million to resolve the incident (emergency response and cleanup, claim settlements, and fines and legal penalties). It’s in the best interest of your company, your stakeholders, and the environment to implement proper risk assessments, controls, and monitoring activities.
Download our free eBook, Implementing Risk-Based Compliance, for a closer look at standardizing your organization's risk and compliance strategy.
Also visit LogicManager’s website for help identifying vulnerabilities at your organization and taking corrective action with a risk-based approach and response.