Environmental Protection Agency (EPA).
The Environmental Protection Agency (EPA) is modernizing implementation of its self-disclosure policies by creating a centralized web-based “eDisclosure” portal to receive and automatically process self-disclosed civil violations of environmental law. Under the automated eDisclosure system, large and small businesses will quickly be able to get some of their more routine types of disclosures resolved.
EPA is launching the eDisclosure system because it continues to believe strongly in the benefits of its self-disclosure policies: To provide penalty mitigation and other incentives for companies that self-police, disclose, correct and prevent violations. EPA believes that the implementation changes announced today will make the processing of disclosures faster and more efficient, and will save time and resources for regulated entities and EPA.
These modifications to the implementation of EPA's Audit Policy and Small Business Compliance Policy, and the launch of the eDisclosure portal, are effective immediately, December 9, 2015.
Start Further Info
FOR FURTHER INFORMATION CONTACT:
Philip Milton of EPA's Office of Enforcement and Compliance Assurance, Office of Civil Enforcement, at firstname.lastname@example.org or (202) 564-5029. For general information on the eDisclosure portal please visit http://www2.epa.gov/compliance/epas-edisclosure.
End Further Info
Start Supplemental Information
Over the past several years, EPA has been evaluating how best to realize the benefits of the self-disclosure policies. Most recently, EPA held two webinars in June 2015 to share its plan for eDisclosure and allow the nearly 350 people who participated to share their views and ask questions.
Companies have suggested that EPA could streamline implementation of the self-disclosure policies for more routine disclosures to make the process faster, more efficient, and to save time and resources for regulated entities and EPA, while still retaining the incentives to self-police environmental problems. The regulated community also emphasized that a key time to encourage self-auditing and self-disclosure is when companies are purchased or acquired, because that is a point in time when companies typically are assessing operations and management systems. EPA agrees with those suggestions from the regulated community and welcomes input, on an ongoing basis, as to how the eDisclosure system is working.
I. Explanation of Modification to the Implementation of the Policies
On April 11, 2000, EPA issued its policy on “Incentives for Self-Policing: Discovery, Disclosure, Correction and Prevention of Violations” (Audit Policy). 65 FR 19618. The purpose of the Audit Policy is to enhance protection of human health and the environment by encouraging regulated entities to voluntarily discover, promptly disclose, expeditiously correct and prevent the recurrence of violations of federal environmental law. Benefits available to entities that make disclosures under the terms of the Audit Policy include reductions in, and in some cases the elimination of, civil penalties, and an EPA determination not to recommend criminal prosecution of disclosing entities. (Ultimate prosecutorial discretion resides with the U.S. Department of Justice.) More information on the Audit Policy is available at http://www2.epa.gov/compliance/epas-audit-policy.
On August 1, 2008, EPA issued the “Interim Approach to Applying the Audit Policy to New Owners” (New Owner Policy). 73 FR 44991. The purpose of the New Owner Policy is to tailor Audit Policy incentives for new owners that want to make a “clean start” at recently acquired facilities by addressing environmental noncompliance that began prior to acquisition. The New Owner Policy is designed to motivate new owners to audit newly acquired facilities and to encourage self-disclosures of violations that will, once corrected, yield significant pollutant reductions and benefits to the environment. The incentives tailored for new owners include clearly defined penalty mitigation beyond what is offered by the Audit Policy, as well as the modification of certain Audit Policy conditions that will allow more violations to be eligible for penalty mitigation under the Audit Policy. More information on the New Owner Policy is available at http://www2.epa.gov/compliance/epas-interim-approach-applying-audit-policy-new-owners.
EPA's Small Business Compliance Policy (65 FR 19630, April 11, 2000) is an additional voluntary disclosure policy that provides incentives for small businesses (with 100 or fewer employees) that voluntarily discover, promptly disclose, and expeditiously correct environmental violations. More information on the Small Business Compliance Policy is available at http://www2.epa.gov/compliance/small-business-compliance.
B. Background on Today's Modifications
The penalty mitigation available under EPA's self-disclosure policies has provided an incentive for regulated entities to detect, promptly disclose, expeditiously correct and prevent violations of federal environmental requirements. Since 1995, the regulated community has increasingly adopted environmental auditing and environmental management practices as key components of sound business practices. Thousands of entities have disclosed violations to EPA pursuant to the Agency's voluntary disclosure policies, and EPA continues to receive hundreds of new disclosures every year. Enforcement also has contributed to the dramatic expansion of environmental auditing, as many regulated entities who conducted audits have told EPA that one of the primary reasons for doing so Start Printed Page 76477was to identify and correct violations before government inspectors discover noncompliance. Regulated entities have realized cost savings through auditing, not only by limiting their enforcement liability but also by reducing the amount of pollutants that they generate (e.g., by adopting lower-cost production methods or energy-saving process changes).
C. Summary of Modifications to Audit Policy and Small Business Policy Implementation
The large number of violations self-disclosed to EPA has taxed the Agency's ability to promptly resolve all pending disclosures. Although EPA is not modifying the substantive conditions in its Audit Policy or Small Business Compliance Policy, the eDisclosure portal launched today streamlines and modernizes EPA's approach to handling disclosures under these two policies. Today's changes will result in faster and more efficient resolution of self-disclosures, while saving considerable time and resources for regulated entities and EPA. At the same time, EPA will continue to accept and process outside the automated eDisclosure system any new owner self-disclosures and any potential criminal violations disclosed to the Voluntary Disclosure Board (VDB).
In summary, entities that disclose potential violations through the new eDisclosure portal may qualify for one of two types of automated treatment, Category 1 or Category 2. In the June 2015 webinars and Information Sheet summarizing its plan for eDisclosure, EPA referred to these two types of treatment as Tier 1 and Tier 2. Because commenters expressed concern about possible confusion with Tier II Reports under the Emergency Planning and Community Right-to-Know Act (EPCRA), EPA has changed these description to Category 1 and Category 2.
Category 1. Category 1 disclosures include: (1) EPCRA violations that meet all Audit Policy conditions; and (2) EPCRA violations that meet all Small Business Compliance Policy conditions. It does not, however, include Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA) section 103/EPCRA section 304 chemical release reporting violations or EPCRA violations with significant economic benefit as defined by EPA.
For disclosures that qualify for Category 1 treatment, the eDisclosure system automatically will issue an electronic Notice of Determination (eNOD) confirming that the violations are resolved with no assessment of civil penalties, conditioned on the accuracy and completeness of the submitter's disclosure. EPA will spot check Category 1 disclosures to ensure conformance with EPCRA, the Audit Policy, the Small Business Compliance Policy, and eDisclosure requirements.
EPA is currently limiting Category 1 resolutions to the above-described violations because: (a) The Agency has significant experience with providing NODs for these self-disclosed EPCRA violations (about half the disclosures EPA receives involve EPCRA reporting violations); (b) it is easy to confirm compliance with EPCRA reporting requirements; and (c) the regulated community suggested such violations for streamlined Audit Policy treatment. As the Agency gains experience with the eDisclosure system, it will evaluate whether to expand the types of violations that can qualify for Category 1 treatment.
Category 2. Category 2 disclosures include: (1) All non-EPCRA violations; (2) EPCRA violations where the discloser can only certify compliance with Audit Policy Conditions 2-9 (i.e., discovery was not systematic); and (3) EPCRA/CERCLA violations excluded from Category 1 above.
For disclosures that qualify for Category 2 treatment, the eDisclosure system automatically will issue an Acknowledgement Letter (AL) noting EPA's receipt of the disclosure and promising that EPA will make a determination as to eligibility for penalty mitigation if and when it considers taking enforcement action for environmental violations. EPA will screen Category 2 disclosures for significant concerns such as criminal conduct and potential imminent hazards.
D. Summary of the eDisclosure Process
Entities wishing to disclose potential violations through the eDisclosure system must follow a three-step process:
1. Register to File with the Centralized Web-Based Portal. This step requires entities to register with EPA's Central Data Exchange (CDX) system. See http://www.epa.gov/cdx/. Existing CDX registrants who are already identity-proofed under the Cross Media Electronic Reporting and Recordkeeping Rule (CROMERR) would not be required to re-register with CDX. Also, paper identity proofing is available if electronic ID-proofing fails.
2. Submit a Violation Disclosure. In order to be considered “prompt” under both the Audit Policy and Small Business Compliance Policy, potential violations must be disclosed online within 21 calendar days of the entity's discovery that such potential violations may have occurred. If the 21st day after discovery falls on a weekend or federal holiday, the eDisclosure system will treat the disclosure as prompt if it is submitted on the next business day. Regulated entities may submit disclosures of potential (but not confirmed) violations to give them time to determine whether a violation actually occurred and to more specifically identify the particular violation(s).
eDisclosure is not designed to receive or process any information claimed as Confidential Business Information (CBI), so disclosers must submit sanitized (non-CBI) information through the online system. Any follow-up CBI required to be submitted must be done manually according to EPA procedures and the requirements of 40 CFR part 2.
3. Certify Compliance. Within 60 days of submitting an Audit Policy disclosure (or within 90 days of submitting a Small Business Compliance Policy disclosure), the discloser must submit a Compliance Certification in the eDisclosure system. Such Compliance Certifications must identify the specific violations, and certify that the violations have been corrected and that the Audit Policy or Small Business Compliance Policy conditions have been met. The 60-day and 90-day Compliance Certification deadlines are subject to limited extensions, as discussed further in this Notice.
Disclosed violations will be considered withdrawn from Audit Policy or Small Business Compliance Policy consideration where the disclosing entity: (1) Voluntarily withdraws its disclosure before submitting its Compliance Certification (e.g., where it determines after disclosure that no violations actually occurred); (2) does not timely submit its Compliance Certification; or (3) submits a Compliance Certification that does not meet the conditions of the Audit Policy or Small Business Compliance Policy.
Whenever there is a withdrawal, the eDisclosure system automatically will record the entity's attempt to disclose potential violations, notify it that EPA will retain such records, and send the discloser a notice that the disclosure does not qualify for Audit Policy or Small Business Compliance Policy penalty mitigation through the eDisclosure system.
E. Implementation Details
1. Violation Correction and Compliance Certification Deadlines. Under the Audit Policy and Small Business Compliance Policy, disclosed Start Printed Page 76478violations must be corrected as expeditiously as feasible and ordinarily within 60 or 90 days, respectively, from the date that the potential violations are discovered. Prior to today's launch of the automated eDisclosure system, EPA and regulated entities would communicate directly with regulated entities or their counsel to resolve their requests to extend the deadlines for correcting disclosed violations. Today's adoption of an automated eDisclosure system includes an automated process for handling requests for extension of such deadlines. Below is a discussion of the possible extensions in eDisclosure and how the eDisclosure system will process extension requests, followed by a timeline that summarizes the violation correction deadlines for new disclosures submitted after today's launch.
a. Category 1 Disclosures. To obtain an electronic Notice of Determination (eNOD), disclosers must correct their violations: (a) Within 60 days of the date of discovery for those seeking penalty mitigation under the Audit Policy; or (b) within 90 days of the date of discovery for those seeking penalty mitigation under the Small Business Compliance Policy. Since all self-disclosures must be made within 21 days of discovery in order to be prompt, a Category 1 Audit Policy Compliance Certification, therefore, will be due no later than 81 (i.e., 60+21) days after violation discovery and a Category 1 Small Business Compliance Policy Compliance Certification will be due no later than 111 (i.e., 90+21) days after violation discovery.
Extensions of the violation correction deadline and corresponding compliance certification deadline are not allowed for Category 1 disclosures. If an entity requests an extension of the violation correction deadline for an EPCRA disclosure that is potentially eligible for Category 1 treatment (i.e., it meets all of the Audit Policy or Small Business Compliance Policy conditions and does not involve EPCRA section 304 chemical release reporting violations or EPCRA violations with significant economic benefit as defined by EPA), the disclosure will be potentially eligible only for Category 2 (Acknowledgement Letter) treatment.
b. Category 2 Disclosures Pursuant to the Audit Policy. Category 2 disclosers seeking penalty mitigation under the Audit Policy can make an online request for up to 30 additional days (beyond the 60 days already allowed under the policy) to correct their violations, with no explanation required. Such extensions will be considered granted at the time of the request, and the eDisclosure system automatically will extend the Compliance Certification due date by an amount equal to the violation correction period extension (e.g., an entity that gets 30 extra days to correct violations also gets 30 extra days to certify compliance).
Category 2 disclosers seeking penalty mitigation under the Audit Policy can make an online request for more than 30 additional days to correct their violations, provided the violation correction date does not extend beyond 180 days after the date of discovery. To make such a request for an extension of more than 30 days, disclosers must include in the eDisclosure system a justification for such extension. Upon such request, the eDisclosure system automatically will extend the Compliance Certification due date by an amount equal to the correction period extension, but the request is not considered granted or denied at the time of the request. Note also that EPA is more likely to scrutinize requests for extension beyond 30 additional days and ultimately may decide that correction was not prompt, if and when it considers taking an enforcement action for environmental violations.
c. Category 2 Disclosures Pursuant to the Small Business Compliance Policy. Category 2 disclosers seeking penalty mitigation under the Small Business Compliance Policy can make an online request for up to 90 additional days (beyond the 90 days already allowed under the policy) to correct their violations, with no explanation required. Such extensions are considered granted at the time of the request and the eDisclosure system automatically will extend the Compliance Certification due date by an amount equal to the correction period extension (e.g., an entity that gets 90 extra days to correct violations also gets 90 extra days to certify compliance).
Category 2 disclosers seeking penalty mitigation under the Small Business Compliance Policy can make an online request for more than 90 additional days to correct their violations, provided the violation correction date does not extend beyond 360 days after the date of discovery. To make such a request for an extension of more than 90 days, disclosers must include in the eDisclosure system a justification for such extension. Extensions of more than 180 days after discovery must be based on the time needed to correct the violation(s) by putting into place pollution prevention measures. Upon such request, the eDisclosure system automatically will extend the Compliance Certification due date by an amount equal to the correction period extension, but the request is not considered granted or denied at the time of the request. Note also that EPA is more likely to scrutinize requests for extension beyond 90 additional days and ultimately may decide that correction was not prompt, if and when it considers taking an enforcement action for environmental violations.
Start Printed Page 76479
2. Processing Unresolved Disclosures That Were Submitted Prior to Today's Launch. In the June 2015 webinars and Information Sheet, EPA stated its Start Printed Page 76480intention to allow regulated entities with pre-existing unresolved EPCRA disclosures to resubmit such disclosures through the eDisclosure system within 90 days of its launch date. In order to provide for a more orderly transition, EPA is extending this resubmittal opportunity to 120 days after today's launch. If such pre-existing unresolved EPCRA disclosures qualify for Category 1 treatment as outlined in today's Notice, the eDisclosure system automatically will issue an eNOD for such disclosures.
Note that for any such re-submitted disclosure, regulated entities must certify in eDisclosure within 30 days of their re-submittal that they timely corrected their violations. Timely correction is within 60 days of violation discovery for disclosures submitted under the Audit Policy and within 90 days of violation discovery for disclosures submitted pursuant to the Small Business Compliance Policy. No extensions of the 60-day or 90-day violation correction periods are available for such pre-existing EPCRA disclosures.
For pre-existing disclosures subject to an audit agreement or significant settlement negotiations, EPA will resolve such disclosures with a Notice of Determination (NOD), Consent Agreement and Final Order (CAFO), or Consent Decree (CD). All other pre-existing disclosures (i.e., non-EPCRA disclosures and pre-existing EPCRA disclosures that are not resubmitted within 120 days of today's eDisclosure launch) are hereby treated as Category 2 disclosures and this Federal Register Notice serves as the Acknowledgement Letter for such disclosures. If and when EPA considers taking enforcement action for environmental violations, it will make a determination as to eligibility for penalty mitigation.
II. Unchanged Aspects of EPA's Self-Disclosure Policies
A. No Changes to Conditions in the Audit Policy and Small Business Compliance Policy
The launch of the eDisclosure system does not modify the substantive conditions in EPA's Audit Policy or Small Business Compliance Policy. Instead, eDisclosure automates implementation of these policies to allow for faster and more efficient processing of self-disclosed civil violations. Moreover, disclosures of criminal violations will continue to be handled by the Voluntary Disclosure Board (VDB), outside the eDisclosure system, pursuant to the process outlined in EPA's Audit Policy at 65 FR 19624.
B. No Changes to EPA New Owner Policy Implementation
This Notice does not change EPA's approach to resolving New Owner disclosures as outlined in the New Owner Policy (73 FR 44991, August 1, 2008). Pre-existing New Owner disclosures will not be resolved through the eDisclosure system, but instead EPA will resolve these manually. New owners may elect to use the eDisclosure system to disclose future violations, but doing so will not provide New Owner treatment. To provide New Owner consideration, EPA will continue to accept and manually process new owner disclosures outside of the eDisclosure system pursuant to EPA's New Owner Policy, and EPA will enter into audit agreements as appropriate with new owners.
C. No Routine Requests for Audit Reports
As discussed in the revised Audit Policy at 65 FR 19620, EPA reaffirms its policy, in effect since 1986, to refrain from routine requests for audit reports. EPA has not requested, and will not routinely request, copies of audit reports to trigger enforcement investigations. In general, an audit that results in expeditious correction will reduce liability, not expand it. If, however, the Agency has independent evidence that there may be violations, it may seek the information it needs to establish the extent and nature of the violation and the degree of culpability.
D. Opposition to Audit Privilege and Immunity
As discussed in the revised Audit Policy at 65 FR 19623, EPA reaffirms its opposition to audit privilege and immunity. EPA remains opposed to state legislation that does not reserve the right to bring independent action against regulated entities for violations of federal law that threaten human health or the environment, reflect criminal conduct, or show repeated noncompliance. EPA also opposes legislation that bars enforcement in a way that allows one company to profit at the expense of its law-abiding competitors. See “Statement of Principles, Effect of State Audit Immunity/Privilege Laws on Enforcement Authority for Federal Programs,” dated February 14, 1997. The Agency opposes statutory immunity because it diminishes law enforcement's ability to discourage wrongful behavior and interferes with a regulator's ability to enforce against individuals who disregard the law and place others in danger.
III. EPA Approach to FOIA Requests Seeking Disclosures
EPA has always considered resolved Audit Policy disclosures to be publicly releasable under the Freedom of Information Act (FOIA) (see 1997 Memo from Steven A. Herman, “Confidentiality of Information Received Under Agency's Self-Disclosure Policy,” available at http://www2.epa.gov/sites/production/files/documents/sahmemo.pdf). EPA is continuing such approach. This means that FOIA requests for eNODs generally will be granted, particularly since the eDisclosure system warns users that it is inappropriate to submit in the online portal any confidential business information (CBI) or information that would constitute an unwarranted invasion of any person's privacy (e.g., social security numbers, birth dates, medical records, personal financial information, or other private information).
The 1997 memo also states that EPA generally will withhold unresolved disclosures pursuant to the FOIA “law enforcement proceeding” exemption, Exemption 7(A). By this Notice, EPA is effectively revising the 1997 Steve Herman memorandum to eliminate the presumption in favor of withholding unresolved disclosures and to replace it with a presumption in favor of disclosure. This change is consistent with the 2009 open government and transparency memoranda from President Obama and Attorney General Eric Holder. See http://www.justice.gov/sites/default/files/oip/legacy/2014/07/23/foia-memorandum.pdf. Therefore, in response to any FOIA requests for individual unresolved disclosures, EPA instead will determine on a case-by-case basis whether it reasonably foresees that release would harm an interest protected by a FOIA exemption. In doing so, EPA will endeavor to be as accommodating as possible in responding to such requests, and EPA generally expects to make Category 1 and Category 2 disclosures publicly available within a relatively short period of time after their receipt.
EPA believes that this change is appropriate in part because it generally expects to spot check Category 1 disclosures and screen Category 2 disclosures within a few months after their submission and will determine at that time whether further investigation or other action is warranted. It is possible that disclosures involving longer requests for a violation correction extension could cause EPA to withhold such disclosures under FOIA, but that would be determined on a case-by-case Start Printed Page 76481basis as noted above. EPA also notes that entities with wholly past violations and no outstanding noncompliance likely face little, if any, risk of citizen suit exposure. Accordingly, regardless whether the disclosed violations are resolved, EPA is optimistic that responsible disclosing entities will not be dissuaded from disclosing violations.
The Audit Policy, Small Business Compliance Policy, and New Owner Policy are policies that guide the Agency in the exercise of its enforcement discretion. They are not rules or regulations, and they are not intended, nor can they be relied upon, to create any rights enforceable by any party in litigation with the United States. The policies and how they are implemented may be revised without public notice to reflect changes in EPA's approach to providing incentives for self-policing by regulated entities, or to clarify and update the policies as necessary.
IV. Effective Date
These modifications to the implementation of EPA's Audit Policy and Small Business Compliance Policy are effective on December 9, 2015.
End Supplemental Information
Dated: November 30, 2015.
Assistant Administrator for Enforcement and Compliance Assurance.
BILLING CODE 6560-50-P
BILLING CODE 6560-50-C
[FR Doc. 2015-30928 Filed 12-8-15; 8:45 am]
BILLING CODE 6560-50-P