Operational Excellence through Leadership and Compliance

Maritime Compliance Report

Welcome. Staying in compliance takes dedication, diligence and strong leadership skills to stay on top of all the requirements which seem to keep coming at a rapid pace. With this blog I hope to provide visitors with content that will help them in their daily work of staying in compliance. I hope you find it a resource worthy of your time and I look forward to your feedback, questions, comments and concerns. Thanks for stopping by. To avoid missing critical updates, don’t forget to sign up by clicking the white envelope in the blue toolbar below.

Facility Security Officer (FSO) Training

Recently, a few clients have asked me about training and certification of facility security officers (FSOs). So, I will try to explain the current requirements and those expected in the future.

Ten years ago the MTSA regulations were published. The Coast Guard listed the requirements for FSO, stating the FSO must have "general knowledge, through training or on the job experience in the following:" and went on to list the topics.A subsection went on to say, that in addition the FSO must "have knowledge andreceive training in the following:" and went on to list further topics. Most designated FSOs realized they needed training, and a number of training providers developed courses, delivered training, and certified that individuals had been trained.

There is not now, and never was, a requirement for the training course to be "approved." However, at the time a program was established through theMaritime Administration (MARAD) to approve courses based on a model course developed by MARAD. A number of training providers decided to take advantage of this program to get their courses "approved" even though it was not required.

It should be noted that in 2009 STCW for Ship (Vessel) Security Officer (VSO)went into effect. Since this was an international requirement for mariner credentials, the course taken by VSOs, to get there document endorsed, needed to be an approved course. However, in the revision of that regulation, the Coast Guard recognized that many VSOs had already been trained through non-approved courses, and they made an allowance for those individuals to take a one-day refresher course instead of a full VSO training course.

Section 821 of the Coast Guard Authorization Act of 2010 requires the development of comprehensive FSO training which will lead to certification. As a result, a revised model course for FSO has been developed, and a public meeting was held to discuss the model course and training requirements. It is expected that sometime in the future, the requirement for FSO training will be changed to required attendance at an approved course.

My clients have asked me if it makes since to spend the money to take an FSO course which is currently approved. If you are also wondering about this, I offer the following thoughts. Bear in mind, this is all pure speculation, as no one knows until we see the regulation:

  • the courses currently approved were approved on a voluntary basis, based upon a model course from years ago, not the model course currently being considered under this regulatory program. Therefore, it is unknown whether attendance at such a course will be accepted without condition under the new regulation.
  • the Coast Guard may only require a one-day refresher course for FSOs previously trained in an unapproved course, as they did for STCW-required VSOs in 2009
  • the Coast Guard may "grandfather" any FSO currently serving or who has received some sort of FSO training, and only require new FSOs to become certified under the new regulations
  • Subchapter M is still not final, 8 years after the law changed requiring towing vessels to be inspected.
  7305 Hits

Declaration of Security

 The maritime security regulations call for the use of a Declaration of Security (DOS) during certain times and situations when there a heightened security threat. The International Ship and Port Security (ISPS) Code takes a more general approach to the DOS than do the very specific U.S. Coast Guard regulations on the topic, which spell out which types of interfaces require a DOS at which MARSEC levels.

However, the intent of the regulations is clear in both, which is for the two interfacing parties to get together and make a deal regarding who will take responsibility for what security measures during a particular interface. This contract, which is usually limited to a single page, is signed by both parties.

Unfortunately, as the years have passed since the publication of the Code and regulations, some of the intent and perceived value of such a document has been lost. It is not unusual to find that a DOS has been filled out and signed, but that the facility and the vessel personnel are unaware of its contents. It is also not unusual to find initials down both columns, including the vessel signing that it is taking responsibility for controlling access to the facility. Clearly, individuals responsible for fulfilling the obligations of the DOS should be aware of the contents.

According to the U.S. regulations, a DOS can be filled out and signed by a Facility or Vessel security Officer or their "designated representative." This should not necessarily be a third party tankerman or stevedore who has no control over the processes prescribed in either security plan. The designated representative should be properly trained as a "vessel and facility personnel with security duties." However, a designated representative does not have to be an alternate facility or vessel security officer who would be required to be trained to the level of an FSO or VSO under the regulations.

A Declaration of Security is a useful tool if used correctly. It continues to raise eyebrows each time we role-play filling one out during training sessions. Make good use of a DOS. The regulations have not gone away, and neither have the threats.
  10522 Hits

No Deficiencies?

Many vessel operators claim that Coast Guard inspections are notoriously inconsistent. They claim such things as, "One Coast Guard guy came and told me it had to be this way, and next year another one came and told me to do something else, and the next year a third guy came back and told me to do it the way we had it in the first place." This unfortunately is true altogether too often, especially when it comes to dealing with inexperienced inspectors or examiners.

I recently was asked to discuss Coast Guard inspection issues with a towboat owner, and every time I mentioned a requirement he didn't like he would interrupt me and say that I was incorrect because the petty officer who examined his towboat either said he didn't have to, or he hadn't mention it during the exam. At the same time this owner complained about how inconsistent the Coast Guard is. This paradox is also too often true. "I'll rely on the Coast Guard to tell me what to do and I'll believe them when it's to my advantage."

Here's why this is not a good compliance management strategy. The Coast Guard rarely checks everything. There are many reasons for this, but just understand when the Coast Guard leaves the vessel and you have no deficiencies, it does not mean you are in compliance. According to a Times Picayune article, Bill Ambrose, Transocean's director of special projects testified during the BP/Deepwater Horizon trial that the rig was in "really good shape," and that during the July 2009 inspection of the rig the Coast Guard found "no deficiencies." However, in an interview about the accident, Wall Street Journal reporter Rebecca Smith characterized Coast Guard inspections as "often cursory." She stated that the Coast Guard did a, "pretty minimal job of inspecting that rig." According to the same Time Picayune article, an expert witness for the plaintiff's lawyers "singled out Transocean for failing to maintain the Deepwater Horizon, having an improperly trained crew, and a rig that was in poor shape."

Operators can rid themselves of the headaches associated with inconsistent inspectors and prepare themselves for litigation by insuring they know the regulations and that they manage their own compliance. 

  3654 Hits

TWIC Readers

"I thought TWICs were going away?"  I have heard this many times over the past year. They are not. Many believe TWIC is a useless program. The truth is TWIC is a very important program, but few understand it.

Basically, the most important purpose of a TWIC is to not allow anyone, unescorted, into a secure area of a vessel or facility unless we know they are not a terrorist and they have a card to prove it. This may seem like nonsense to some, but if a major terrorist organization can send a terrorist spy to the U.S. and infiltrate the CIA, FBI and Army Special Warfare command, then they can surely send some to infiltrate the maritime industry. In fact, during one joint FBI/ USCG operation, a significant number of individuals "having a nexus to terrorism matters," were found to have U.S. merchant mariner documents and they were subsequently placed on the terrorist watch list and the no-fly list. Furthermore, officials recently uncovered a major plot to attack the maritime industry because it is viewed as a soft target by terrorists.

Due to the lack of understanding, or acceptance of the threat, the way TWIC has been implemented and enforced in many instances makes no sense, and therefore it appears to be "useless" to the casual observer who assumes the TWIC process they observe is the one prescribed by the government.

The TWIC was designed to be a biometric credential to be used with a TWIC Reader. Realizing that we don't yet have TWIC readers, that fake TWICs are a reality, and that someone could gain access using a stolen TWIC on an automated system without biometric interface, years ago the Coast Guard published fairly specific requirements on how a TWIC should be verified by the person granting access to the secure area.

The Coast Guard recently released a Proposed Rule on the TWIC Readers. Vessels and facilities were placed in risk categories A through C. According to the proposed rule only risk category A vessels and facilities will have to use a TWIC Reader. Risk Category A is limited to vessels and facilities that handle Certain Dangerous Cargoes (CDCs) in bulk, including barge fleeting facilities with CDCs, and vessels with more than 1,000 passengers. So, the vast majority of Subchapter H compliant vessels and facilities will have to continue to verify TWICs manually.  There's the rub. This sounds like a good deal, until it is enforced.

Here's a quiz: What are the three words on the triangle at the center of all TWICs? If a person granting access to a secure area has actually been examining TWICs each time as required, then surely they would remember that those three words are: "privacy, security and commerce." And by the way, poor eyesight is not a good excuse for not complying with a federal regulation. If they cannot see what they are required to check by regulation, they have no business being posted at such a position. Reading glasses or a magnifying glass would come in handy in those situations. Also, you'd also be surprised with what an inexpensive black light will show on a TWIC. 

  3817 Hits

TWIC Changes

Current regulations have required all credentialed merchant mariners to hold a valid TWIC. But that is no longer the case due to a recent change in the law. Some credentialed mariners will no longer have to obtain a TWIC. For example: on a towboat which opts not to have a security plan, only the licensed captain has been required to have a TWIC due to the fact that he has a license. Now, due to the recent law change, the captain of the towboat with no security plan will no longer have to hold a valid TWIC. The same goes for most small passenger vessel captains who will no longer be required to maintain a valid TWIC. Some think it is a good thing that the Coast Guard has had to revise the requirement because they feel the TWIC is useless.


However, one of the main purposes of a TWIC is to run the applicant through the terrorist watch list to see if they have any links to terrorist organizations or terrorist activities. Some feel that this is unnecessary and that it criminalizes mariners. The truth is that in the past terrorists have blown up passenger ferries in the Philippines, resulting in many lives lost. So what's that got to do with the U.S.? It is a viable threat scenario here as well. Also, according to the FBI's joint "Operation Drydock," with the Coast Guard in 2004 nine credentialed mariners were found to have "possible associations to terrorism." How bad would it be if a vessel was used in a terrorist attack, and it was later found that the captain was a terrorist and that it could have been prevented if anyone had bothered to check? I don't think TWICs are useless.

So why is it OK now if some credentialed mariners don't have TWICs? The Maritime Transportation Security Act of 2002 is counter-terrorism legislation which requires the prevention or deterrence of a transportation security incident (TSI). A "TSI" is defined as a security incident resulting in significant loss of life, environmental damage, transportation system disruption, or economic disruption in a particular area. The Coast Guard, in establishing the applicability of the security regulations, determined some vessels to be at a low risk of being involved in a TSI, and excluded them from the applicability. It is those vessels, which are at low risk of a TSI and have no security plan, which will be allowed to have captains without TWICs. Whether you agree with this or not, one good thing which I hope may come from it is it may help us refocus on the intent of the security regulations, which is to prevent or deter a transportation security incident (TSI), and to avoid the complacency of, to borrow a phrase, "security theater." 

  3966 Hits

Optimizing your Facility Security Plan (FSP)

Port security funds are supposed to be allocated to projects that will have the greatest impact. So, why would scarce taxpayer dollars be spent on fences and cameras to protect non-threatening areas such as settling ponds far away from the nearest waterway? The answer, most likely, is human error. The International Ship and Port Security (ISPS) Code requires port facilities around the globe to comply with the maritime security requirements of the Code. For U.S. port facilities, the U.S. Coast Guard regulations derived from Maritime Transportation Security Act (MTSA) of 2002 provided a definition of the term "facility." However, many years later, there are still conflicting opinions regarding what portions of a facility must be included under the maritime security regulations. The definition of a facility, beyond the description of the waterfront portion, calls for "any contiguous or adjoining property" to be included. Despite this definition, some facilities simply fenced off their docks, called that their facility, and got away with it. Other similar facilities were required to spend tens of thousands of dollars on fencing and other access control issues for their entire property.To clarify "contiguous property," the Coast Guard published guidance which states that in a case where a public street (such as a river road) splits a facility property, the maritime security regulations may only apply to the water side of the road. The example used in the policy guidance is an oil or hazardous material transfer facility with a pipeline crossing over the road. Despite this guidance, there are many facilities where the regulations have been applied to both sides of the road. In addition to costing facilities a great deal of money having to implement a set of regulations where they shouldn't apply, port security grant money is allocated in some cases to secure areas that are no threat at all of a transportation security incident (TSI). It's important to get a facility's footprint correct, not only to save the facility money on implementation issues such as Transportation Worker Identification Credential (TWIC) requirements, but to ensure that the country's limited maritime security resources are spent where the threat is the greatest.   Some Coast Guard personnel may attribute this disparity to individual Captain of the Port (COTP) authority. But in reality, many of these mistakes were made initially due to a lack of understanding of the applicability and policy guidance. We have been successful in getting a number of these facility footprints corrected through the Coast Guard's formal appeals process, saving the facilities thousands of dollars and hopefully avoiding future misappropriation of port security grant money.   Industry should not shy away from questioning the opinions of enforcement personnel out of fear of retaliation. The Coast Guard's policy is that it encourages appeals from industry. Everyone benefits from a constructive dialogue. Going along with things that you know are incorrect usually just leaves you chasing your tail every time a new inspector shows up. 

  4574 Hits

Maritime Security Lesson from an Environmental Disaster

 As we wait for the results of the investigation into the BP/ Deepwater Horizon oil spill in the Gulf of Mexico, one thing appears fairly certain based upon currently published information, and that is that corners may have been cut and unnecessary risks may have been taken. This is not really surprising. We cut corners and take calculated risks every day, often with no negative consequences. Who has never exceeded the speed limit while driving? The natural reaction of politicians and bureaucrats is to make more laws and regulations to fix the problems before we know for sure what the problems are. We may find that the problem wasn't a lack of adequate laws and regulations, but perhaps it was the lack of enforcement, oversight and compliance with the existing laws and regulations. If so, why would the level of enforcement, oversight and compliance drop to a level where an accident like this might occur? Perhaps because they had not had a major accident with similar operations in the recent past to remind them of the threat. BP was reportedly celebrating a safety milestone at the time of the disastrous blowout. If people have not experienced a major accident in quite some time, their minds allow them to believe the threat has become diminished. In actuality the threat has not diminished with the passage of time, but still corners are cut and unnecessary risks are taken, because the precautions that once seemed necessary may now seem like overkill.  Following the attacks of 9/11, the international community passed the ISPS code. Ships, boats, ports and facilities around the world are required to implement security plans which address all relevant threat scenarios. As the years go by without major successful attacks, it is human nature to let our guard down because in our minds the threat has diminished. It has not. Even after six years of full implementation of maritime security plans, many do not understand the threat or the requirements. Do enforcement personnel understand their roles and give full attention to the security programs, or are they still focused mostly on signage and paperwork? Do industry members have good plans that address specific threat scenarios and give clear and concise guidance to those charged with implementing them? Are proper screening, monitoring and drilling conducted as intended by the regulations? We can't go back in time and make those involved in the BP/ Deepwater Horizon disaster make different decisions, but going forward we can ensure we do not lose sight of the threats to our security in the maritime industry. Imagine the answers that would be given to Anderson Cooper on CNN in the weeks following a terrorist attack involving your vessel or port facility. Would they be adequate? Or would it be déjà vu?

  3709 Hits

Contact Us

This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: 504.249.5291

Copyright ©
Maritime Compliance International
All rights reserved | Privacy Policy

Maritime Compliance Report Sign-Up

Click here to subscribe to the Maritime Compliance Report blog for critical email updates on compliance issues.