Search Options
Index | Site Map | FAQ | Facility Info | Reading Rm | New | Help | Glossary | Contact Us

SECY-99-087

March 24, 1999

PURPOSE:

To obtain Commission approval of the staff's recommendations to revise the NRC Enforcement Policy regarding the concept of "regulatory significance" and for making the Enforcement Policy more risk-informed. With regard to the second issue, this paper seeks Commission approval for a change to the policy to address risk but not to further revise the reactor Supplements of the Enforcement Policy in light of changes being developed to integrate enforcement into the new overall reactor oversight program.

BACKGROUND:

In the Staff's Requirements Memorandum (SRM), dated April 10, 1998, the Commission directed the staff to (1) develop a definition for regulatory significance for possible inclusion in the Enforcement Policy, and (2) consider improvement in the explanation of "safety significance" in the Enforcement Manual (Section 3.5.a). The SRM stated that regulatory significance should continue to be a factor in determining the severity level of a violation in conformity with the Enforcement Policy, whether or not it is considered to be a part of safety significance and that regulatory significance be applied in a manner consistent with the Commission guidance to the staff on safety and compliance. The use of regulatory significance was also included for staff action as item II.C.6 of the Tasking Memorandum.

In the quarterly status report of the Probabilistic Risk Assessment (PRA) Implementation Plan (SECY-98-096, dated May 1, 1998), the staff committed to initiating actions to consider risk in the reactor enforcement process. This was reflected in items I.D.13 and II.C.7 of the Tasking Memorandum, calling for development of risk informed examples for the Enforcement Policy.

In developing this paper, the staff considered comments of various internal and external stakeholders. Consideration was given to written comments submitted in response to a May 13, 1998 revision to the Enforcement Policy; Congressional concerns; information provided during numerous meetings with representatives of the industry and public interest groups; and several written submittals⁽¹⁾. The main stakeholder involvement has been with the Nuclear Energy Institute (NEI ), various power reactor licensees, the Union of Concerned Scientists (UCS), and Public Citizen.

DISCUSSION:

I.  Process to Determine Significance of a Violation

Because regulatory requirements have varying degrees of safety, safeguards, or environmental significance, the NRC's Enforcement Policy uses a graded approach in dealing with noncompliances, both in terms of assessing significance and developing sanctions. Section IV of the Policy provides that assessing the relative significance of the violation is the first step in the enforcement process. In accordance with the Policy, the degree of technical and regulatory significance or severity level of a violation is defined by the level of "regulatory concern." While the Policy does not specifically define the term, regulatory concern, it is used to describe the breadth of NRC regulatory responsibilities, i.e., safety, safeguards, and the environment. The degree of regulatory concern is based on an evaluation of the actual and potential consequences of the involved violations, their root causes, and surrounding circumstances.⁽²⁾ When violations arise to a significant regulatory concern and are categorized at a Severity Level III, the NRC is saying, in essence, that the violations are of significant safety, safeguards, or environmental concern. The Policy provides guidance in its Supplements to assist in making severity level decisions in a consistent way.

Current Policy:

Currently, the Policy considers the significance of a violation by weighing (1) actual consequences, (2) potential consequences, and (3) regulatory significance. Regulatory significance addresses a wide variation of violations. It is used in three basic types of cases:

Type 1 - Impacting the Regulatory Process

These cases involve violations that have safety implications based on the impact or potential impact of the violation on the NRC's ability to carry out its statutory mission. Examples of cases in this category would include violations of 10 CFR 30.9, 50.9, etc. (completeness and accuracy of information), 30.34(f), 50.54(a), 50.59, 76.68,etc. (NRC approval needed for changes), and Subpart M of Part 20, 30.50, 50.72-73, etc. (reporting requirements).

Type 2 - Integrity

These cases involve willful violations including the ability to maintain a safety conscious work environment. Examples of cases in this category would include violations of 10 CFR 30.10, 50.5, etc. (deliberate misconduct), and willful violations of requirements including 30.7, 50.7,etc. (discrimination), 30.9, 50.9, etc. (completeness and accuracy of information), and reporting requirements.

Type 3 - Aggregation of Violations

These cases involve a number of less safety significant violations where their cumulative significance is greater than the individual issues treated separately. The violations are normally aggregated together because of common root causes and surrounding circumstances. A common application of regulatory significance is for significant programmatic violations described in the various Policy Supplements as violations involving a breakdown in control of licensed activities that are related or recurring that collectively represent a potentially significant lack of attention or carelessness towards licensed responsibilities.

Proposed Policy:

The staff is proposing to remove the reference in the Policy to "regulatory significance" as a consideration for assessing the significance of a violation. The staff believes this is warranted given the nature of stakeholder concerns which included the lack of a sufficient definition of the term, its subjective nature, and the lack of a clear nexus to safety. There is also a concern that use of regulatory significance (under the practice of aggregation) is a form of assessment that should be performed outside the enforcement process. On the other hand, the staff by using regulatory significance in evaluating violations has had a useful tool to address potential precursors and obtain broad corrective actions addressing programmatic issues. The staff believes this has resulted in improved performance of licensees. Thus, while the staff concludes it is appropriate to eliminate the term, some of its underlying concepts as discussed below should be retained. This should preserve the ability to evaluate violations based on those concepts the staff believes important while minimizing the controversy that surrounds the use of the term.

The staff is recommending an approach for assessing significance of violations that weighs: (1) the actual safety consequences, (2) the potential safety consequences, including consideration of risk information, (3) the potential for impacting the NRC's ability to perform its regulatory functions, and (4) any integrity aspects of the violation. Violations that were considered to be of regulatory significance under the old policy, may still warrant categorization as a significant violation based on potential consequences, the potential to impact the regulatory process, or based on willfulness. Under the proposed policy, the four elements that should be considered in making a decision on significance are discussed below:

A.  Actual Safety Consequences

In evaluating actual safety consequences, the NRC should consider issues such as actual onsite or offsite releases of radiation, onsite or offsite radiation exposures, accidental criticalities, core damage, loss of significant safety barriers, loss of control of radioactive material or radiological emergencies.

B.  Potential Safety Consequences

1.  As-Found Conditions

The evaluation of the potential consequences of a violation addresses the potential impacts of the as-found condition. In evaluating potential safety consequences, risk is an appropriate consideration. The NRC should consider the realistic likelihood of the violation to affect safety, i.e., the existence of credible scenarios with potential consequences.

The Enforcement Policy has always considered risk, albeit qualitatively, when evaluating the severity level of a violation. The Supplements themselves are already risk informed to some degree as they provide examples at different severity levels such that the greater the potential safety impact, the higher is the severity level. As probabilistic risk assessment became more prevalent, the determination of severity levels of violations began to be augmented by this quantitative risk tool. The Enforcement Policy was revised on December 10, 1996, to expressly address use of risk information in determining severity levels and in civil penalty assessments by permitting escalation of civil penalties in situations when the violation resulted in a substantial increase in risk. Some stakeholders have read the policy as implying that risk is only used to escalate. However, in practice, based on the flexibility within the Policy, the staff frequently uses risk information to arrive at lesser severity levels, including cases of potential Severity Level II and III violations that were instead concluded to be Severity Level III and IV violations, respectively. The Enforcement Manual provides that risk information may be used to both escalate and mitigate severity levels. The Policy should be revised to specifically state that risk might be used to increase or decrease the severity level of a violation described in an example in the Supplements to the Policy.

2.  Other Conditions With Potential Impact

In some cases, the actual as-found condition may not be risk significant. However, the nature and number of the violations associated with an inspection finding when evaluated collectively may still have a potential to increase risk if not corrected. This may be based on the potential impact if the as found conditions were slightly changed, programmatic concerns, or failures to take effective corrective action. In the past, these types of violations, which individually were normally Severity level IV violations, were considered for escalation based on regulatory significance. This formed the basis for staff and licensee interaction, in the context of a set of violations, to address corrective action for precursors. The message in such enforcement actions was to emphasize the need to better control licensed activities before there was adverse impact on public health and safety.

In the staff's view, the NRC should continue to consider those cases where the cumulative effect of a number of less significant related or recurring violations appear to present a greater risk than the individual violations treated separately. The Policy should be clear that it is not just the number but the substance of the violations that affect severity level. There must be a sufficient nexus to safety, safeguards, or the environment to conclude that Severity Level III categorization is appropriate. Cases at this level characterize fundamental performance problems that represent credible precursors to more significant problems. In other words, the focus is on the safety impact of the programmatic violations, not on an assessment of the program.⁽³⁾

With this approach, the staff recommends that the current examples in the Supplements of the Enforcement Policy based on aggregation (e.g., examples C.7 of Supplement I and VI) be revised to focus on the potential consequences associated with the related or recurring violations. For example, the staff would recommend modifying example C.7 of Supplement I to read as follows:

A failure to control licensed activities involving recurring or related violations that collectively demonstrate a significant lack of attention or carelessness towards licensed activities that have a significant and credible potential for impacting safety if not promptly addressed.

Violations that fit this example would be properly characterized as having potential safety consequences. An application of this example would be the following situation: 1) failure to follow procedures during a modification of a risk significant safety system that was missed because of inadequate quality assurance during the modification, 2) the failure to perform post- modification testing before the system was declared operable, 3) failure to compare surveillance results with acceptance levels before signing off on surveillance tests which would have indicated degraded flow, and 4) the system, when called upon to work, provided flow that was below the expected flow rates provided in the FSAR, but at a sufficient rate to provide the safety function based on an after the fact calculation. The fact that there was sufficient flow to perform the safety function was fortuitous. There was no risk significant consequence of the as-found condition since the system performed adequately for the specific challenge, but the underlying programmatic violations, if not promptly corrected, could cause in the future systems to be inoperable with potential safety consequences. Such violations are also significant because they may have caused other systems to be degraded or inoperable.

The staff recognizes that stakeholders may still have concerns regarding the staff's approach to addressing significant related or recurring violations. Both NEI and UCS are strongly opposed to the practice of aggregating multiple Severity Level IV violations to Severity Level III problems. Concerns have been expressed that grouping a number of loosely related, low risk violations does not result in significant risk and that aggregation is an inappropriate form of performance assessment. This issue becomes moot for power reactors if the Commission adopts the staff's recommendation for a new enforcement approach as part of the new reactor oversight process since severity levels are not proposed to be used for violations encompassed by the assessment process. There remains, however, the need to have the capability to evaluate the significance of violations in the aggregate pending the application of the new oversight process for all power reactors as well as for other licensees. This concept may be particularly important for material licensees which are subject to less frequent inspections than reactors. For example, where a biannual inspection of a material licensee evidences significant failures to implement license conditions such that there is a credible potential for an overexposure or a substantial release of material if the violations are not corrected, the violations should be categorized as significant based on the potential safety consequences. The policy provides such licensees an incentive to improve performance with lasting corrective action to avoid civil penalties.

In sum, the staff will abandon the practice of aggregating violations to increase severity level to the extent it cannot demonstrate and articulate that there is a credible potential for impacting safety if the programmatic violations are not promptly addressed. This will not be demonstrated by the number of violations alone, but by the number and substance of the violations as well as the potential hazards or risks of the licenced activity associated with the violations. In some cases, staff will not be able, as it has done in the past, to aggregate violations into a higher severity level because of the lack of risk presented by the licensed activity. The staff notes that the management oversight and the guidance reflected in EGM 98-009, on which this policy recommendation is based, has substantially decreased the number of cases considered for escalation based on aggregation under the current Policy.

The staff recognizes that significance determinations in this area as well as the other areas require the exercise of judgment that must be closely monitored for agency wide consistency. The staff intends to continue this oversight.

3.  Repetitive Violations

Section IV.B. of the Policy currently provides that a Severity Level IV violation may be increased to a Severity Level III if the violation is considered repetitive. The purpose of escalating the severity level of repetitive violations as described in the Policy is to "acknowledge the added significance of the situation based on the licensee's failure to implement effective corrective action from the previous violation." In the staff's view, the decision to escalate the severity level of a repetitive violation should be considered based on the potential impact on safety and any willfulness associated with the failure to take corrective action. These considerations are covered by items I.B.2, above, and I.D., below.

C.  Impacting the Regulatory Process

In determining the significance of violations, the NRC should continue to consider violations that impact or have the potential to impact NRC's ability to carry out its statutory mission. Examples of cases in this category would include violations of 10 CFR 30.9, 50.9, etc. (completeness and accuracy of information), 30.34(f), 50.54(a), 50.59, 76.68,etc. (NRC approval needed for changes), and Subpart M of Part 20, 30.50, 50.72-73, etc. (reporting requirements).

D.  Willful Violations

In determining the significance of violations, the NRC should continue to consider willful violations involving licensees and their employees, including the ability to maintain a safety conscious work environment. Examples of cases in this category would include violations of 10 CFR 30.10, 50.5, etc. (deliberate misconduct), and willful violations of requirements including 30.7, 50.7,etc. (discrimination), 30.9, 50.9, etc. (completeness and accuracy of information), and reporting requirements.

The above changes would apply to enforcement actions associated with all licensees and certificate holders.

II.  Risk Informing the Reactor Supplements

As noted above, the staff is tasked with risk informing the Supplements to the Policy associated with power reactors. The staff has considered various methods to do so and has had several meetings with stakeholders on this subject. The staff intended to improve and increase the number of examples in the Supplements as indicated in the PRA Implementation Plan. However, in light of the effort to completely revise the reactor enforcement process as part of the integration of the overall reactor oversight process, the staff proposes to abandon that effort. The new enforcement process will be risk-informed and performance-based as it will categorize the significance of violations as part of the reactor assessment process. Given limited resources, and the relatively short time period before the new oversight process will be put in effect, assuming the pilot effort is successful, the staff believes it is prudent to focus its efforts on developing the new enforcement process that will replace the need to rely on the Supplements for violations covered by the reactor assessment process.

For reactor licensees not covered by the pilot oversight efforts, the staff will continue to use the existing Enforcement Policy using risk considerations as discussed above in this paper. For example, Supplement I, Reactor Operations, provides a graduated set of examples based on the violations' impact on safety systems. The staff intends to generally apply those examples to risk significant systems. In deciding which systems are risk significant, the staff will consider licensees' designations of high risk systems from their maintenance rule implementation as well as other generic system clarification schemes such as those being proposed in the revisions to reporting requirements in 10 CFR 50.72. The staff intends to lower severity levels for less significant systems. These approaches reflect, to a large degree, the longstanding staff practice of adjusting severity levels based on system safety importance and the extent and duration of system degradation. As warranted, the ability of plant personnel to either recover the affected systems or implement alternate mitigation will be considered. In making severity level decisions, regional and NRR Senior Risk Analysts will continue to be routinely consulted for risk insight into specific issues.⁽⁴⁾

RECOMMENDATIONS:

The staff recommends that

As a final note, although this proposed strategy will remove some subjectivity, given the nature and complexity associated with the regulation of nuclear activities, the process of assessing significance and assigning severity levels is still not purely objective. Judgment and discretion must continue to be exercised in enforcement decision-making. As noted above for power reactor licensees, the proposed recommendations serve to transition the existing policy toward those concepts of the new reactor oversight process.

The staff recommends that the Commission approve the above recommendations. Following Commission approval, the staff will submit changes to the Enforcement Policy for publication in the Federal Register. Necessary changes to the Inspection manual will also be made.

COORDINATION:

The Office of the General Counsel has no legal objection to this paper.

1. See, NEI letters to James Lieberman, dated December 14, 1998, and to William Travers, dated October 23, 1998, and UCS letter to James Lieberman dated November 11, 1998.

2. NRC Enforcement Policy, Appendix A: Safety and Compliance provides that "the NRC must evaluate the non-compliance both in terms of its direct safety and regulatory significance and by assessing whether it is part of a pattern of non-compliance(i.e., the degree of pervasiveness) that can lead to a determination that licensee control processes are no longer adequate to ensure protection of the public health and safety."

3. This approach is similar to the guidance in Enforcement Guidance Memorandum (EGM) 98-009, which was issued by the Director of the Office of Enforcement on November 25, 1998, as a preliminary step in describing the use of regulatory significance. The EGM emphasized that recurring or multiple violations must have a significant and credible potential for impacting safety if not promptly addressed to warrant Severity Level III categorization. The EGM also noted that the need to have a sufficient nexus to safety, safeguards, and the environment might narrow the application of existing examples in the Supplements of the Policy involving aggregation of violations. The EGM also established greater oversight for cases involving regulatory significance.

4. NMSS and OE are reviewing various aspects of enforcement of license and certificate conditions issued by NMSS to determine how the enforcement process for those activities can be made more risk informed and performance based.