Audit, Compliance and Risk Blog

In 1989 OSHA issued “Safety and Health Program Management Guidelines” (S&H Guidelines), recommending activities employers should undertake to ensure their employees’ safety and health. The S&H Program Guidelines encourage employers to institute and maintain an “effective occupational safety and health program.” Some state occupational safety and health regulators have used these (voluntary) guidelines as the basis for mandatory employer programs – including California’s Injury and Illness Prevention Program (IIPP) requirement and Washington’s Accident Prevention Program (APP) requirement. OSHA proposed a national rule in 2012, but after several delays has designated it a “long term action.”

The Occupational Safety and Health Administration (OSHA) adopted massive changes to its Hazard Communication Standard (HCS or Hazcom) effective May 25, 2012, updating chemical information, labeling and training requirements that had been in place since the 1980s. These revised requirements conform U.S. requirements to international guidelines under the U.N.-sponsored Globally Harmonized System of Classification and Labeling of Chemicals (GHS). Recognizing the extent of these changes, OSHA provided multi-year compliance phase-ins for employers whose workers manufacture, distribute or use chemicals (I’ve previously blogged about the changes here, here and here). The next such deadline is December 1, 2015, when distributors must only ship containers that meet the latest labeling requirements – so if you work for an employer that’s an end user of chemicals, all containers entering your facility must meet these requirements rather than the pre-2012 requirements.

The US Environmental Protection Agency (EPA) administers a Worker Protection Standard (WPS) designed to protect workers exposed to agricultural pesticides. WPS is patterned after the Occupational Safety and Health Administration (OSHA's) Hazard Communication Standard (HCS) for workers in most other industrial and commercial settings. EPA adopted the WPS in 1992, and just adopted its first revisions late in September 2015. Some of these changes incorporate revisions to HCS adopted by OSHA in 2012 (see here), while others catch up on two decades of industrial hygiene and worker safety practices. The revisions will appear in the Federal Register (probably in November) and become effective 60 days later. Compliance deadlines extend for up to 2 years for the various changes.

I summarized longstanding WPS requirements when I blogged last year about EPA’s proposed revisions (click here ). To further summarize my summary, WPS requires employers whose employees work with or around pesticides to provide the following:

• Pesticide safety training

• Labeling information

• Specific information including pesticide-specific training within 5 days after beginning work (“grace period”), supplementing immediate emergency information and a pesticide safety poster

• Requirements to keep workers out of areas being treated with pesticides, within nurseries and greenhouses (“buffer”)

• Requirements to keep workers out of areas during a restricted-entry interval (REI) set for each pesticide

• Protect early-entry workers doing permitted tasks in pesticide-treated areas during an REI, including special instructions and personal protective equipment (PPE)

• Required warning to nearby workers about pesticide-treated areas (oral and/or warning signs, depending on the chemical)

• Monitor handlers using highly toxic pesticides, at least every 2 hours

• Provide required PPE to handlers (e.g., clothing, respirators)

• Provide decontamination supplies

• Provide for emergency assistance.

Some requirements apply on behalf of all agricultural workers who may be exposed, plus additional requirements for pesticide handlers who work with regulated pesticides.

What Changes is EPA Adopting?

EPA has adopted a wide variety of revisions, including provisions that have changed significantly from last year’s proposal. Revisions include:

• Training (compliance deadline delayed for 2 years):

If your organization manages pharmaceuticals, do you know if any of its waste pharmaceuticals are regulated as “hazardous waste” under the Resource Conservation and Recovery Act (RCRA)? And do you know which ones, and why or why not?

For more than 25 years, I’ve taught one of the core required courses in the Hazardous Materials Management Certificate program offered by University of California Santa Cruz Extension (UCSC-Ex). The program is intended to provide professionals with a solid foundation in the principles, regulations, and technologies required to manage hazardous materials and hazardous waste. In my course–the Regulatory Framework for Toxic and Hazardous Materials–I provide overviews of:

When an organization breaks the law, the actual actions must be taken by individuals associated with the organization–whether it’s a rogue individual or a vast internal conspiracy. So who’s culpable and for what? Laws often provide civil liability for most violations and criminal liability for the most severe, and many include parallel provisions addressed both to organizations and individuals. Most enforcement agencies produce enforcement and prosecutorial guidelines for agency personnel to provide criteria that channel their “prosecutorial discretion.” Variations in such guidelines may tend to keep organizations and their personnel aligned – as when they’re all going to be prosecuted together anyway–or may encourage fissures between them – as when one can reduce its own liability by incriminating another.

The U.S. Department of Justice (DOJ) conducts most criminal prosecutions brought against violators of U.S. federal laws. DOJ’s U.S. Attorneys also provide legal support to many federal agencies in civil cases brought by the agencies for regulatory violations. To regularize these wide-ranging responsibilities, DOJ promulgates enforcement policies and priorities, which are compiled in the “U.S. Attorneys’ Manual.”

How Has DOJ Approached Individual Prosecutions For Organizational Wrongdoing?

DOJ has repeatedly adjusted its policies for prosecuting individuals in organizational wrongdoing cases. In 2003, DOJ issued an enforcement policy seeking to separate organizations from their agents – telling organizational defendants that indemnification of their officers (i.e., paying their defense costs under employment contracts and bylaws) would be interpreted as support for the individuals’ malfeasance, precluding DOJ from applying lenience to the organization for having “cooperate[d] in the investigation of its agents” (the “Thompson memorandum”). This policy was intended to prevent organizations from shielding their personnel, and so to encourage more individual prosecutions. However, this policy was rescinded after a 2006 court decision excoriated DOJ, holding that the policy violated individual defendants’ Constitutional rights by exerting undue pressure on organizations (U.S. v. Stein).

In 2006, DOJ softened the offending policy by reemphasizing that many criteria may apply to charging and prosecutorial decisions, and stating explicitly that an organization’s decision to follow state laws and establish indemnification provisions would not be considered a failure to cooperate sometime later with federal prosecutors (“the McNulty memorandum”; later enshrine in the U.S. Attorneys’ Manual section 9.28). Thus, DOJ policy for nearly a decade has not explicitly attempted to pit organizational defendants against their individual human agents – but also has not provided clear guidance to prosecutors in determining whether to proceed against organizational defendants, individual defendants, or both. During these years, the trend has been toward fewer prosecutions of individuals, even where it seems likely that top managers were integral participants in financial or regulatory violations. This lack of headline-grabbing prosecutions has produced a political backlash and pressure to re-balance prosecutorial policies.

How Does DOJ’s Newest Policy Favor Individual Prosecutions?

In September, Deputy Attorney General Yates issued DOJ’s latest enforcement policy memorandum, addressing “Individual Accountability for Corporate Wrongdoing.” DOJ will apply this latest revision to all criminal prosecutions, and to civil enforcement as appropriate. The memo sets forth 6 basic criteria for U.S. Attorneys to apply and follow:

1. “To be eligible for anv cooperation credit, corporations must provide [DOJ] all relevant facts about the individuals involved in corporate misconduct.
2. Both criminal and civil corporate investigations should focus on individuals from the inception of the investigation.
3. Criminal and civil attorneys handling corporate investigations should be in routine communication with one another.
4. Absent extraordinary circumstances, no corporate resolution will provide protection from criminal or civil liability for any individuals.
5. Corporate cases should not be resolved without a clear plan to resolve related individual cases before the statute of limitations expires and declinations as to individuals in such cases must be memorialized.
6. Civil attorneys should consistently focus on individuals as well as the company and evaluate whether to bring suit against an individual based on considerations beyond that individual's ability to pay.”

If organizations respond to these incentives by providing incriminating facts about individuals, the new policy will tend to create wedges between organizations and their personnel, which DOJ is now pledging to prosecute more vigorously. It remains to be seen how these incentives will actually be applied by prosecutors, followed by defendants, and reviewed by courts.

Self-Assessment Checklist

• Has the organization established compliance and/or ethics programs to prevent and detect violations of applicable laws?
  • Do formal organizational policies define standards and procedures for agents and employees?
  • Are specific high-level personnel assigned responsibility and authority to ensure these standards and procedures are followed?
  • Does the organization provide training and/or other means to communicate standards and procedures effectively to its agents and employees?
  • Is there an effective program for enforcing these standards (e.g., monitoring and audits)?
  • Are there internal reporting mechanisms (including protections against possible retaliation)?
  • Does the program include clear and effective disciplinary mechanisms?
  • Does the program provide for immediate and appropriate steps to correct the condition giving rise to any detected offense or violation (e.g., program changes and individual disciplinary actions)?
  • Does the program include provisions for self-reporting to appropriate authorities?