Regulatory Compliance Issues - Complaints from neighbors

[Randy]

Re: Regulatory Compliance Issues - Complaints from neighbours

You're off base Brad. Read the stuff up above objectively.

EMS isn't about compliance it's about overall improvement and the management of it. Compliance is just part of the total process, and it goes beyond local agencies.

 

[Paul Simpson]

Re: Regulatory Compliance Issues - Complaints from neighbours

Looks like another pop, Randy. Perhaps you are reading too much or too little into a few lines. Please let me explain my post.

Here is the OP.

I was recently involved in a surveillance and scope extension ISO 14001 audit at a facility that has outstanding regulatory issues. Compliants have been received from neighbours and the environmental regulatory agency is not yet satisfied that the complaints (violations) are sufficiently resolved.

When we were on site we asked the company's regulatory office how they were handling the compliants. They provided evidence that they had addressed the issues and were working with the regulatory agency towards a resolution. From the company's perspective they thought the issues were resolved - the regulatory agency does not share their opinion. Our audit concluded that the company was actively dealing with the outstanding issues and we could find no conclusive evidence that they were operating outside the terms of their approvals.

So the audit team recommended continued certification and acceptance of the scope extension. However, the certification body that retained us is reluctant to accept the findings of the audit and the scope extension, essentially because of the political ramifications of extending the certification to a part of the operation that has caused community compliants.

The only guidance I can find dealing with this type of an issue is from an ANAB advisory, as follows:

" A CB may register an organization or permit its registration to continue despite observed legal noncompliances, provided that the CB is satisfied that the EMS does address such non-compliances and when in the aggregate such non-compliances are not determined to indicate a major nonconformity."

Has anyone else ran into a similar situation? If so, any ideas on how to break the logjam? Is anyone else aware of any precidents/guidance on similar situations?

I am leaning toward recommending a special audit (a short-notice audit under ISO 17021) to gauge the company's progress on resolving the complaints (the company is currently on an annual surveillance cycle). Any other thoughts or comments?

Thanks in advance.

Maybe tigerfan51 can add some detail without breaching confidentiality (or encourage the organization to post?).

The way I understand it they have had a breach of regulations, they have taken corrective action to deal with cause (immediate, root we do not know). The regulator is not satisfied. Now I can't speak for every country but that is considered to be still in breach. On that basis my earlier recommendation is for a suspension of certification until the matter can be resolved between the company and the regulator. This is not taking sides in the matter. I believe it is wrong to claim an effective EMS if the regulator is saying you are in breach.

What we seem to be fixed on here is an organization having a regulatory problem and trying to take the step to fix it. The problem seems to be compounded by complaints ( possibly suffering from "Chicken-Little Syndrome) and regulatory agency personnel not agreeing with the "fix".

IMHO the complaints are a side issue. I haven't commented on them. Provided the auditor is happy the organization is dealing with them then all well and good. My recommendation was to let the organization sort it out with the regulator regardsing the breach.

What is not happening in this discussion so far ( as I see it anyway) is a systems way of understanding the issue and resolution of the problem. Let's just issue non-conformances, de-register, decertify and all that 1st.

As above - the suspension option just allows a bit of breathing space. More on systems later.

There is absolutely no such thing as an absolute guarantee that total compliance (or at least the perception of compliance) can be 100% all the time, it won't happen.

Agreed. My issue is that if the regulator does not agree that actions are effective then the issue is not resolved. Rather than get embroiled in the debate (and bringing the CB's reputation into question) it is better to take a step back.

ISO 14001 doesn't mandate compliance, it requires committment to compliance, taking steps to achieve compliance, evaluating compliance activities, correcting non-compliance when found or preventing potential non-compliance from happening, and keeping top management informed about all of this so that it can determine the need for change and resources to put into the compliance effort. This is all done as a continually improving process.

"Taking steps to achieve compliance." If you're advocating certification based on intent that's another thread. The systems approach that you claim to understand better than others says a bit more than the above. Think of what a breach of regulations says in terms of system failure:

• Policy requirement to commit to meeting legal requirements (4.2) - not met
• EMS to address legal requirements (4.3.2) - not met
• Objective doesn't address compliance with legal requirements (4.3.3) (or not met)
• Operational control doesn't ensure legal compliance is achieved (4.4.6)
• Periodic determination of legal compliance is not effective (4.5.2.1)

There may be others in terms of Monitoring and Measuring (4.5.1), Corrective Action (4.5.3) and communication (4.4.3) but the list above will do for a start.

Nowhere in the standard does it say that compliance "must" happen, it just states in essence what I wrote above.

So in essence you would be happy to certify an organization that fails to address the clauses of the standard (as above)? and is polluting or creating a nuisance? I can't speak for your employer but mine would not accept that I have carried out an effective audit if I allowed that.

What I've seen in preceeding posts is compliance assessment and decisions from a compliance aspect and not from a systems approach.

:mg: No comment.

 

[Dr. L. Ramakrishnan]

Re: Regulatory Compliance Issues - Complaints from neighbours

Hi,

This is an interesting case - worth using as a case-study material in a course. My approach will be similar to that of Randy. In addition, I would like to bring to your consideration the following:

a) If I understand you right, you concluded, based on the evidence collected during the audit, that the organization had taken sufficient steps to handle the complaints from neighbours ("Our audit concluded that the company was actively dealing with the outstanding issues and we could find no conclusive evidence that they were operating outside the terms of their approvals"). I think that should be the basis of your recommendation.

b) Unless you have a say in the decision to be taken by the Certification Body any amount of arguments for or against de-recognition will not help; if you have a say, you should go by your audit conclusion.

c) In my more than twenty years of E,OH & S audit experience I have not come across an organization that met all the relevant legal and other requirements all the time, in all the locations without deviation.

d) I have come across many regulators whose positions on environmental issues were not scientific or technologically sound (this is not to say that all are like that). To withdraw a certification just because the regulator is not satisfied in unfair; regulators are not infallible. And in the Asia Pacific Region (where I have enough experience) the subject is new to many regulators and there is a tendency to play it safe.

e) If the organization that you had audited is a TNC, there is an additional issue if the complaints have originated from NGOs. No regulator would like to give the organization a clean chit on his own and take on the NGO ire. (please do not mistake me I do not say that NGOs are wrong always; many times they bring out fantastic findings that eluded many auditors).

f) I have not touched upon all the points that I would like to....but one thing that I can say is that you will be doing a great disservice to the organization if you de-recognize the certification even though the surveillance audit concluded that the organization had indeed addressed the regulatory issue adequately.


With best regards,

Ramakrishnan

 

[Randy]

Re: Regulatory Compliance Issues - Complaints from neighbours

Sorry Paul but Policy is nothing more than intent or a promise the organization makes and in order to do so initiates all of the requirements of the standard to make it happen.

1. As for the agreement of regulators, many times they cannot even agree amongst themselves, You ever dealt with the US EPA or a state environmental agency?

2. The alleged breach may be purely administrative and the resolution consist of what is called a CAO (Consent Administrative Order).

3. Objectives don't have to address legal requirments, they only need to take them under consideration.

4. Operational controls can't necessarily guarantee compliance because there is one factor that cannot be absolutely controlled - - PEOPLE. And please don't hit the competency button. No matter how competent you can always press the wrong button.

5. The line between compliance and non-compliance can be so thin you cannot even see it. Also it may be days before non-compliance is detected when talking air and water issues, and the non-compliance comes about because of self reporting to the agency. Been there, done that myself.

6. The complaints can be nothing more than some nut case Chicken-Littles running around because the sky is falling. They complain because they have nothing else to do. Been there and done that as well with people getting migraines and nausea from asbestos fumes and complaining about it to the fed's.

7. Lot's more....

This thread is pretty good and the passions are fun.

As for me, being a actual real world enviromental professional by trade and education, when I look at what organizations are doing I can make good decisions about what is or isn't important when I make my recommendations at the end of an audit, and yeah I just might make a recommendation for registration with an existing non-compliance if the system can take care of it even if the regulator may not agree with a fix (The acceptance of CA's by regulators may take years because of the courts)

Let the system work, and remember the small piece about improvement.

 

[SteelMaiden]

Re: Regulatory Compliance Issues - Complaints from neighbours

I'm with Randy and Dr. R. Unless you have some real serious, heavy duty proof that this company is not attempting to correct the situation, I do not see how it would be possible to pull their cert just because they had a notice of violation. There will be violations, and sometimes bureaucrats will grandstand in order to impress other bureaucrats, I could tell you some stories.

Sometimes, prior experience with "bad" companies that were not environmentally friendly can set off a huge witch hunt that harms many good solid companies that truly do commit to doing the right thing. With just the information that was provided, I really cannot see that the certification should be pulled.

 

[Craig H.]

Re: Regulatory Compliance Issues - Complaints from neighbours

I'm with Randy and Dr. R. Unless you have some real serious, heavy duty proof that this company is not attempting to correct the situation, I do not see how it would be possible to pull their cert just because they had a notice of violation. There will be violations, and sometimes bureaucrats will grandstand in order to impress other bureaucrats, I could tell you some stories.

Sometimes, prior experience with "bad" companies that were not environmentally friendly can set off a huge witch hunt that harms many good solid companies that truly do commit to doing the right thing. With just the information that was provided, I really cannot see that the certification should be pulled.

I think you are on to something here. My experience in EHS is limited, but from my 9001 experience, and from what the experts have posted here, I would like to add to this and see what others think.

An audit is a snapshot, a moment frozen in time. There will sometimes be closed eyes or funny expressions. There also may be nonconformances and brief instances of conflict with rules and regulations. While there may be a tendency to take the snapshot at "face" value, we really should dig a little deeper to see if subject has a way of addressing the blemish. If so, is that method being used properly, and, overall, have the methods in place proved to be effective over time?

As our esteemed Steel has pointed out, if this statement is correct, then it follows that as long as there is a system to address the regulatory problem, and it is being used properly, then the certificate stands. Conversely, if the approach to the problem has been to ignore or deny it, then the certification should be suspended.

As far as the politics goes (sheesh) any attempt to turn the situation into a scandal should be met with the facts. Specifically, the steps the company has taken should be revealed.

Am I on the right track?

 

[SteelMaiden]

Re: Regulatory Compliance Issues - Complaints from neighbours

Am I on the right track?

Only as long as I was

thanks for the vote of confidence....I'm only a psuedo environmental engineer. Polluting my brain with environmental knowledge was not on the aspect and impact list.

 

[BradM]

Re: Regulatory Compliance Issues - Complaints from neighbours

You're off base Brad. Read the stuff up above objectively.

EMS isn't about compliance it's about overall improvement and the management of it. Compliance is just part of the total process, and it goes beyond local agencies.

Good check. And to an extent I agree. In my world, though, EMS should be more about compliance to regulatory/community requirements. IF you are going to have an EMS, then it should be able to manage a process that satisfies the stakeholders.

This OP is written like a game. We have several players here: The customer, the regulatory agency, the auditors, the certification body, the quality system.

AUDITOR: Call it like you see it. If it is good, then say so and make that recommendation. In my opinion, the auditor is in the right, here. Make the recommendation and move on. I am asking my expert auditor friends here: Is that woefully naïve?

CERTIFICATION BODY: It is their product, to sell to whom they choose. If they have higher order power in this to override their auditors (which is not a good idea to do) then fine; go with it.

While I don't always agree or understand, many times people make decisions as they are privy to information others may not know about.

REGULATORY AGENCY- Completely, totally agree on all parts regarding the woeful inefficiencies/ subjective nature of them. Problem is: you can’t get around them. In this case: Is this the ONLY company getting their chops busted by the regulatory agency? If it’s that bad, move. Or get a lawyer.

EMS-
IMO: Their system is inadequate. It is not satisfying the community or regulatory environment.
****
The customer is the one driving this boat. They need to determine the proper course.

Please, correct my thought process if I am still out in space. It just seems to me that everyone here is in the right and done their job, except the customer and their system.

 

[Paul Simpson]

Re: Regulatory Compliance Issues - Complaints from neighbours

My last post on this one unless anything substantive comes up .... I can only go round the circle so many times before I get dizzy!

Sorry Paul but Policy is nothing more than intent or a promise the organization makes and in order to do so initiates all of the requirements of the standard to make it happen.

Don't be sorry, Randy. There are a few other threads where the importance of policy is downplayed. I'm not a fan of the "gotta have it so we've got it" argument. Policy has an important part to play in any ISO assessment. To say it just sits there as an empty promise is ridiculous.

1. As for the agreement of regulators, many times they cannot even agree amongst themselves, You ever dealt with the US EPA or a state environmental agency?

Second question first - No. F

irst point - tigerfan51 says the organization recognizes they are in breach - so there is no argument from them of the need for corrective action - and they think thy've taken it.

As with all these things it is for them to deal with the issue with the regulator - hence my suggestion to give them some space.

2. The alleged breach may be purely administrative and the resolution consist of what is called a CAO (Consent Administrative Order).

You are right - we don't have the information and can only go by what the OP has said. It sounds to me as if it is more substantive than an admin breach.

3. Objectives don't have to address legal requirments, they only need to take them under consideration.

The exact wording is "consistent with," it may be the organization can have objectives that allow for breach of regulations but it sounds like a half baked system that condones this.

4. Operational controls can't necessarily guarantee compliance because there is one factor that cannot be absolutely controlled - - PEOPLE. And please don't hit the competency button. No matter how competent you can always press the wrong button.

It's great to have someone who knows exactly what I am going to post before I do! You don't pick lottery numbers as well do you. I apprecite the fallibility of the human being - present company excluded!

We don't however have any details of the nature of the breach - surmising what the root cause is / was is just so much wasted time.

5. The line between compliance and non-compliance can be so thin you cannot even see it. Also it may be days before non-compliance is detected when talking air and water issues, and the non-compliance comes about because of self reporting to the agency. Been there, done that myself.

Again maybe .... we don't know.

6. The complaints can be nothing more than some nut case Chicken-Littles running around because the sky is falling. They complain because they have nothing else to do. Been there and done that as well with people getting migraines and nausea from asbestos fumes and complaining about it to the fed's.

As I said before I think the complaints may be a side issue .... of no bearing to the potential suspension.

7. Lot's more....

This thread is pretty good and the passions are fun.

As for me, being a actual real world enviromental professional by trade and education, when I look at what organizations are doing I can make good decisions about what is or isn't important when I make my recommendations at the end of an audit, and yeah I just might make a recommendation for registration with an existing non-compliance if the system can take care of it even if the regulator may not agree with a fix (The acceptance of CA's by regulators may take years because of the courts)

Most CBs (including yours from memory) fight shy of recognizing a company system when there are "issues" due to their past activity. We look at any historical breaches very carefully - check with your assessment guys as to what they say - you may be unpleasantly surprised. :mg:

One of the reasons is that a registration for a proven polluter says something about the EMS certification scheme that they would not want said - anyone remember the "concrete life preserver" discussions?

Let the system work, and remember the small piece about improvement.

I prefer to think of the slightly larger piece that says:

The organization shall ensure that these applicable legal requirements and other requirements to which the organization subscribes are taken into account in establishing, implementing and maintaining its environmental management system.

 

[Sidney Vianna]

Re: Regulatory Compliance Issues - Complaints from neighbours

I'm with Randy and Dr. R. Unless you have some real serious, heavy duty proof that this company is not attempting to correct the situation, I do not see how it would be possible to pull their cert just because they had a notice of violation. There will be violations, and sometimes bureaucrats will grandstand in order to impress other bureaucrats, I could tell you some stories.

I agree. As long as the organization is addressing the issue, they should not be deemed to be in breach of ISO 14001.
In the ISO 9001 world, we don't yank a certificate because the organization produced non-conforming products. In the E-world, we all agree that commitment to comply with regulatory requirements does not guarantee compliance. Even because regulatory compliance, as already alluded to, is somewhat subjective. Inspectors from Regulatory Agencies also bring bias, subjectivity and variation into the picture.

One thing we don't know and could be of significance here. Many times the residential neighbors are the ones who "invade" the space previously occupied by "nothing". And the complaint starts... Especially in places where urban planning is weak. So, should a company be penalized due to the fact that the authorities permitted the construction of residences too close to industrial parks? It happens all the time and everywhere. In the US alone, a huge number of small airports had to be closed due to surrounding community complaints about noise. For the most part, those airports were developed decades ago and urban sprawl allowed for the surrounding area to be developed as a residential community.

An audit is a snapshot, a moment frozen in time. There will sometimes be closed eyes or funny expressions. There also may be nonconformances and brief instances of conflict with rules and regulations. ...

Am I on the right track?

An individual audit is limited in coverage. However, a certification program exists over time. That is why the CB has to assess the EMS performance and continual improvement over time. And let's not forget. 61. Outputs Matter!