David A. Repka and Perry D. Robinson
Winston & Strawn

The Nuclear Regulatory Commission (NRC) has implemented an aggressive civil enforcement program covering its licensees -- both power reactors and materials licensees -- almost since the birth of the agency in the 1970's. In contrast, the Department of Energy (DOE) has only recently initiated an enforcement program covering DOE contractors, in response to the 1988 Price Anderson Amendments Act (PAAA) that mandated the program. DOE published its first Enforcement Policy in 1993 and issued the first enforcement actions and civil penalties in 1996.

The DOE and NRC enforcement programs share a common parentage. The DOE program adopted in 1993 is modeled quite plainly on the NRC's policy. In addition, DOE has utilized people with NRC experience in developing the policy. As a result, both the procedures to be used and the philosophies inherent in the policies at the two agencies are very similar. As DOE's program develops and evolves, it is easy to anticipate that it will continue to look more and more like the NRC's program in implementation. Therefore, NRC experience can teach much to the DOE community as it prepares for DOE oversight.

In terms of external regulation, however, we must emphasize that there are important differences between the DOE's current program and NRC's enforcement program. At this time, there is a large gap between the two programs. The NRC's enforcement program is the much more aggressive of the two: in terms of funding, approach, and results. For example, NRC inspection oversight is much greater, as DOE relies almost exclusively on self-reporting of violations. The DOE community must prepare itself for a significant change; a change that will require proactive steps to upgrade the culture and performance of their organizations.

This paper first provides some background on the current DOE enforcement program, pointing out some of the key attributes and some recent enforcement data. Second, the paper will describe key attributes of the NRC's enforcement program. Here, we highlight some of the key attributes that distinguish the program in implementation from the DOE program at this time. Finally, the paper concludes with some practical suggestions regarding how DOE contractors must prepare for DOE oversight (in the short term) and more aggressive external regulation by the NRC (in the longer term).

Prior to 1988, DOE contractors were not subject to enforcement actions in any formal sense. The Price Anderson Amendments Act of 1988 (PAAA) changed this, making contractors subject to possible civil and criminal sanctions. Between 1988 and 1993, the DOE worked to create the framework of its Enforcement Policy, which was published as Appendix A to 10 C.F.R. Part 820 on August 17, 1993 (58 Fed. Reg. 43,680). Following promulgation of its Enforcement Policy, the DOE worked until the end of 1995 to develop the infrastructure of its enforcement program. Among other things, this effort included:

• development of key substantive rules in the areas of Quality Assurance and Radiation Protection;
• issuance of guidelines to support the investigations and enforcement process;
• implementation of the Non-Compliance Tracking System (NTS) for contractor self-reporting; and
• staffing at DOE headquarters and establishing Field and Program Office Coordinators.

In 1996, the DOE issued its first enforcement action. The time lag between promulgation of DOE’s Enforcement Policy and its first enforcement action, in part, was to allow for program maturation, and to educate and prepare the contractor community for enforcement oversight. For example, contractors as well as DOE staff had to become familiar with the NTS.

Over the years since 1993, the DOE has gained substantial experience in applying its Enforcement Policy. In addition, the makeup of DOE’s operating facilities and activities has changed. For example, the number of weapons production facilities has significantly declined and the number of decontamination or decommissioning activities has increased. These changes caused the DOE to reevaluate the structure of its Enforcement Policy to ensure that it reflects the apparent change in mission. This reevaluation resulted in several changes to the Enforcement Policy on October 8, 1997 (62 Fed. Reg. 52,479). For example, the DOE concluded that its Policy placed inadequate emphasis on worker and environmental safety because the severity of enforcement actions was focused on the type of nuclear facility or activity being conducted. The categorization of facility approach, although similar to NRC’s, was considered inappropriate given the changes in DOE’s activities.

Further changes to the DOE’s Enforcement Policy should be expected as the program continues to mature. One change that is currently under consideration involves eliminating the protection from civil penalties for certain not-for-profit contractors.

While there are a number of attributes which could be cited to characterize DOE’s Enforcement Policy and Program, four of these attributes are perhaps most defining. First, the DOE’s Enforcement Policy is substantially modeled after the NRC’s Policy. For example, this means that the primary considerations for seeking enforcement are (1) actual or potential safety significance and (2) the degree of contractor identification, reporting and correction of the problem. Like the NRC’s Policy, DOE’s enforcement sanctions are based on a graduated severity level scheme and, thus, a graduated civil penalty scheme. Civil penalties can be decreased or increased depending on the pro-activity of the contractor in identifying and correcting problems, and depending on whether willfulness is involved in the matter at issue. Again, like the NRC’s Policy, DOE’s Policy allows for enforcement discretion under certain prescribed circumstances.

A second defining attribute is that DOE’s Enforcement Program heavily relies on contractor self-reporting to monitor compliance with DOE regulatory requirements. As alluded to above, the self-reporting is often accomplished throught the NTS. In a nutshell, the NTS involves a proceduralized means for (1) determining what matters are to be reported (including specified thresholds) and (2) recording the information in a centralized database, which includes information about the contractor’s final disposition of the matter. Another related reporting mechanism is the Occurrence Reporting System (ORPS). The DOE also uses other means to identify noncompliances, for example through external audits or assessments performed by DOE staff, representatives of the Defense Nuclear Facility Safety Board, and/or employees of other Federal government agencies such as the Environmental Protection Agency or Department of Transportation. Although a number of the enforcement actions taken to date did not result from contractor self-reporting, the enforcement program is set up to rely in large part on this means of noncompliance identification.

The third defining attribute is related to the reliance on contractor self-reporting. Because of limited staffing within the DOE’s Office of Enforcement, the number of noncompliances that are ultimately investigated is relatively small. For example, in 1996, on 16 percent were investigated after initial review. Thus, in addition to the very structure of the Enforcement Program which encourages reliance on self-reporting, the limited staffing within the DOE also contributes to this reliance. Although it is not clear from the information that is publically available, a question arises as to whether some potential enforcement matters are under-evaluated. Perhaps, this is in part why the DOE is currently considering a lower threshold for reporting under the NTS.

Finally, the fourth defining attribute is the statutory exemption for not-for-profit contractors. The PAAA explicitly exempts certain contractors from the imposition of a civil penalty. This exemption was extended to non-profit educational institutions through promulgation of the DOE’s Enforcement Policy. This extended protection is being considered for elimination in 1998. In addition, there is some discussion within the DOE about seeking to legislatively eliminate the explicit exemptions when the PAAA comes up for reathorization. Notwithstanding these exemptions, the DOE has successfully reduced contractor award fees in response to enforcement actions. Clearly, the contractor relationship with the DOE, as opposed to the licensee relationship with the NRC, makes the use of award fee reduction a viable enforcement-related tool.

Since the first enforcement action in 1996, DOE enforcement personnel have carefully selected the cases that, in their view, would keep the program from being criticized as being over zealous and/or unfair. Figure 1 shows the history to date of the DOE enforcement program. The program is still very much in its infancy, and the figures demonstrate that civil penalties have been neither widespread nor particularly severe. However, this can and will likely change as the program continues to mature. Already, between 1996 and 1997, the number of enforcement actions almost doubled; and the average civil penalty more than doubled, from about $29,000 in 1996 to a much more significant $73,000 in 1997. DOE's total civil penalties increased from $117,000 in 1996 to $440,000 in 1997.

As we will see below, DOE has a long road to travel before its civil penalty program rivals that of the NRC. Nonetheless, our expectation is that DOE will continue an upward trend in enforcement in the next few years -- which means more enforcement actions and higher civil penalties. The focus will continue to be on citations against general requirements in the Quality Assurance and occupational radiation safety areas.

The NRC established its first formal Enforcement Policy and enforcement program in 1982. Although the policy has been modified from time to time, its basic elements have remained the same. These basic elements are very similar to those borrowed by DOE:

• The policy is premised on finding violations and citing them in Notices of Violation (NOVs). An NOV will cite the specific legal requirement (an NRC regulation, order, or license condition) that has been violated, and explain the facts of the noncompliance.
• The NOV is ranked according to "safety significance" into one of four Severity Levels: Severity Level I through IV, with Severity Level I being the most significant.
• A base civil penalty applies to Severity Level I through III violations: $110,000 for Severity Level I; $88,000 for Severity Level II; $55,000 for Severity Level III. This does not, however, mean that a civil penalty will be issued in this amount.
• The NRC next considers escalation and mitigation criteria to vary the civil penalty from the base amount to fit the circumstances of each specific case. The NRC's escalation/mitigation criteria are, essentially: identification of the violation (licensee or NRC?); corrective actions (prompt and comprehensive, or not?); and NRC "discretion" (more on this later).

The enforcement logic is thus very similar to DOE's. Both agencies intend to reward licensees or contractors for self-identifying and self-correcting violations by refraining from civil penalties or reducing civil penalty amounts. However, there are several key attributes of the NRC enforcement program in implementation that suggest that there would be a major step change between current DOE enforcement and the NRC's program.

There are three attributes that are hallmarks of the NRC's program that distinguish it from DOE at this time:

• Strict Compliance
• Subjectivity
• Individual Accountability

Each of these attributes is discussed below.

The NRC's enforcement program is fundamentally one of strict compliance. If a regulation, order, or license condition has been violated, it will almost certainly be cited in an NOV. It is unimportant to this result whether the violation was unintentional, was not the "fault" of the licensee (e.g., the licensee acted reasonably), was licensee-identified, or was licensee-corrected. In addition, a violation will generally be cited regardless of its safety significance. (The NRC does allow for "non-cited violations" in certain cases involving very minor matters; however, while an NOV does not result in these cases, the non-cited violation must still be cited in an inspection document.)

To find violations, the NRC relies upon an aggressive combination of licensee self-assessment and reporting and NRC inspection oversight. The NRC places a premium on licensee self-assessments, and expects reporting of violations that meet certain thresholds. In addition, and unlike DOE, the NRC inspection program is fully developed. It includes inspections by resident inspectors (at power reactors), regional-office based inspections, and specialized team inspections from headquarters or the region, often including technical contractors. Relative to DOE, the inspection oversight is very thorough. Many violations, therefore, will be reviewed, cited, and considered for civil penalties.

On this point, it is also important that the NRC has many very broad requirements that in an enforcement context give the agency the ability to address wide-ranging licensee conduct and inadequacies. For example, quality assurance requirements generally require programs -- such as design control programs, or inspection and test programs -- or performance standards -- such as timely identification and correction of conditions adverse to quality. Similarly, many license conditions simply require procedures in specific functional areas, such as fire protection. Inspectors therefore have the regulatory tools to cite any noncompliances or inadequacies that can be linked to these broad standards. In this respect, the inspectors' flexibility is similar to what DOE has in the Quality Assurance and Radiation Protection areas. It is simply more pervasive and more frequently exercised.

Given these broad scope requirements, the important hallmark of the NRC's program is the frequent narrow focus of inspection findings. In the enforcement program, the NRC does not start from the perspective of broad performance indicators. Rather, it starts from individual events, individual procedural noncompliances, individual equipment problems, and builds up to programmatic conclusions. Each individual issue will be cited, either as a violation in itself, or as an "example" violation used to build a more serious aggregated violation.

One current example of this narrow, strict compliance focus is an NOV issued recently to Entergy Operations, a power reactor licensee. The licensee, in a self-assessment, identified one emergency light unit (ELU) that was inoperable. The ELU is required for fire protection purposes. There are several such units and the inoperable condition was of minor significance and corrected. Nonetheless, upon reviewing the licensee's self-assessment report, an NRC inspection team was compelled to cite the matter as a Severity Level IV violation of a broad requirement that the licensee implement a fire protection program. There was no civil penalty, but the licensee is contesting the violation as addressing a matter too insignificant to represent a violation of a programmatic requirement.

The NRC's Enforcement Policy presents precise formula, examples, and logic flow diagrams for citing violations, assigning Severity Levels, and assessing civil penalties. Upon reading the policy one would have the impression of a very mechanistic, objective approach. The policy, however, is deceptive n this regard. In reality, the NRC's program is highly subjective. If DOE's program has not yet evolved to the same degree, it could certainly reach the same point eventually.

Subjectivity enters the enforcement analysis in at least three very important places. First is the concept of "aggregation" -- a concept already adopted in the DOE enforcement policy. Under this concept, alluded to earlier, the NRC can cite more than one "examples" of related violations (i.e., violations arising out of the same circumstances or sharing common root causes) and combine them into one higher Severity Level "problem." Thus, for example, several relatively minor violations can become a Severity Level III problem worthy of a civil penalty. Frequent candidate violations considered for aggregation are minor procedural noncompliances, examples of untimely or ineffective corrective actions for conditions adverse to quality, or multiple, independent performance problems resulting in an "event" or a condition adverse to quality.

Another somewhat related concept is the notion of "regulatory significance" applied in Severity Level determinations. The NRC bases its Severity Level determinations on the "safety significance" of the violations, and defines "safety significance" as based on three components:

• Actual Consequences
• Potential Consequences
• Regulatory Significance

The first two components are straightforward and reasonably objective. The first is verifiable and quantifiable. The second is risk-based. The third, however, is not defined, not risk-based, and not quantitative. Violations have "regulatory significance" if they seem significant to the regulator.

A third key subjective attribute of the NRC enforcement program is the so-called "discretion point" in the civil penalty logic. The Enforcement Policy expressly calls for the NRC to insert subjective judgment to assure that civil penalties in individual cases send an appropriate regulatory "message." The concept is that this discretion will supersede the standard civil penalty logic that considers only identification of the violation and the adequacy of corrective actions. This "discretion point" can and has lead the agency to decline to issue civil penalties in some case. More frequently, however, it has lead the NRC to significantly increase civil penalty amounts to "assure" that licensee management will give the matter significant attention.

The aggregation, regulatory significance, and discretion concepts all offer NRC enforcement personnel the ability to consider or not consider civil penalties for specific violations based upon broad, subjective impressions of licensee programs, management, and performance. While this may seem unfair, and often self-fulfilling, it is also very much part of the program. Effective management understands this and works to address programmatic implications of even minor noncompliances and works to effectively communicate initiatives and results to the NRC.

Much more than DOE presently, the NRC's investigation and inspection program focuses on individual accountability for regulatory violations. The NRC can and will take enforcement action directly against an individual for conduct resulting in a violation. Such enforcement action can include: a letter of reprimand, an NOV to individual, a civil penalty to the individual, or an order barring the individual from future involvement in NRC-licensed activities. In addition, criminal penalties are possible against individuals for willful violations of NRC requirements. These individual sanctions are in addition to any sanctions issued to the licensee (who is ultimately held responsible for the acts or omissions of its employees).

The NRC's focus in this regard is in two areas:

• Deliberate Misconduct, or Wrongdoing: Actions that intentionally violate NRC requirements (or would have lead to a violation but for detection) or involve intentionally inaccurate or incomplete statements to the NRC or falsification of records required to be maintained.
• Discrimination Matters: Violations of NRC requirements that protect those who raise safety issues to management or the NRC, including actions that allegedly constitute a "hostile work environment."

The NRC investigates these matters through the Office of Investigations (OI), an arm of the agency that takes a law enforcement approach to its inquiries. Substantiated violations in these areas will be referred to the Department of Justice for further investigation or consideration of criminal penalties, in addition to the civil actions taken by the NRC.

The NRC has aggressively pursued these matters in recent years, resulting in severe sanctions to licensees and consequences for individuals employed both by power reactor licensees and materials licensees. These investigations often result from employee allegations directly to the NRC or to third parties. Even for unsubstantiated allegations, the investigation process can extract a significant toll on the licensee and its employees. This is an area, as noted previously, DOE does not presently address at all.

Recent data related to the NRC's enforcement program is presented in Figures 1 through 4. The first two figures, based on NRC data for recent fiscal years, shows the ranges and numbers of civil penalties issued to both power reactor and material licensees. Although these sanctions may not seem large relative to the revenues of nuclear licensees, they nonetheless represent a very significant regulatory tool. Civil penalties attract substantial public attention. In addition, civil penalties are in addition to the corrective actions the licensee will undoubtedly take to address the underlying violation. And the NRC's enforcement process requires significant licensee resources and management attention. The importance and influence of the program should not be underestimated.

Figures 3 and 4 present power reactor data we have compiled for recent years. This data shows, most importantly, the dramatic recent up turn in the NRC's program in 1996 and 1997. As a result of events and inadequacies at the Millstone Nuclear Power Station in 1996, the NRC as a policy matter has reemphasized civil penalties as a regulatory tool, industry-wide. The numbers are not entirely driven by civil penalties issues directly to Millstone; many licensees received very substantial civil penalties in 1997. This NRC emphasis on enforcement seems likely to continue for at least the near future.

The DOE enforcement program for oversight of contractors is only beginning. As the program matures, it could continue to evolve in the direction of the NRC's current program. However, given resource limitations, it seems unlikely to reach the scope of the NRC's program in the near future. If and when external regulation of DOE nuclear facilities by the NRC is implemented in large scale, there will be another major step change between DOE and NRC oversight and enforcement. In either scenario, DOE contractors and subcontractors must face some practical implications, and are advised to effectively prepare by adopting certain "best practices" and "lessons learned" of NRC licensees.

Our suggestions in this regard include the following:

• Be Proactive: Both the DOE and NRC enforcement policies reward licensee initiatives to identify, report, and correct noncompliances. Proactive efforts are rewarded first in application of escalation/mitigation factors that determine civil penalty amounts. But even more importantly, in the NRC's program, subjective assessments of licensee programs, management initiatives and oversight, and corrective action programs, greatly influence enforcement decisions in less direct, but more significant, ways.
• Emphasize Procedural Compliance: In a strict compliance regime such as the NRC's, with significant inspection activity, there is a premium on procedural compliance. Licensees and contractors need to establish in their organizations a compliance culture, wherein procedures are strictly observed. If procedures frustrate compliance, the procedures must be improved.
• Address Communication Skills and Inspection Support: An important part of a highly regulated environment is the constant presence of regulator oversight. Communication skills and inspection support become essential. Employees need to understand the inspectors' needs, how to respond to issues before they become enforcement matters, and how and when to push back in a professional, non-adversarial way. Management must appreciate the need to support agency inspections, and to refrain from treating the inspection as a bothersome diversion of focus and resources.
• Improve Root Cause Analyses and Timely Corrective Actions: As previously noted, timely identification and effective correction of problems is important under the DOE/NRC enforcement approach. Effective organizations demonstrate solid root cause capability in order to define comprehensive and effective corrective actions. Effective organizations must display a solid self-assessment and improvement attitude. This will considerably influence more subjective enforcement determinations.
• Establish Robust Employee Concerns Programs: As the NRC has increased attention to discrimination, or "whistleblower," allegations, and has emphasized the need for a safety conscious work culture (i.e., one where individuals feel free to raise concerns to management), the importance of employee concern programs has significantly increased. In addition, other initiatives, such as supervisory training, and policies to emphasize the need for prompt response to employee concerns, are extremely important.

BACK