Operational Excellence through Leadership and Compliance

Maritime Compliance Report

Welcome. Staying in compliance takes dedication, diligence and strong leadership skills to stay on top of all the requirements which seem to keep coming at a rapid pace. With this blog I hope to provide visitors with content that will help them in their daily work of staying in compliance. I hope you find it a resource worthy of your time and I look forward to your feedback, questions, comments and concerns. Thanks for stopping by. To avoid missing critical updates, don’t forget to sign up by clicking the white envelope in the blue toolbar below.

TWIC Reader Final Rule

The revised MTSA regulations included in the recently published TWIC Final Rule go into effect on August 23, 2018. As usual, the final rule comes with an extensive preamble discussion of the Coast Guard's response to comments received during the rule making process. The preamble, which contains essential information, is usually skipped over by most readers. In fact, seasoned Coast Guard marine inspectors know to look back at the Federal Register when a particular regulation was published in order to determine the intent of a regulation in question.

Headline
The headline for this final rule is clearly: "We clarify that this final rule only affects Risk Group A vessels and facilities, and that no changes to the existing business practices of other MTSA-related vessels and facilities are required." Before you get too excited about that, you must understand this: when Coast Guard Headquarters makes that statement they are assuming you are currently doing everything correctly in accordance with the regulations and guidance. Hopefully, for you that is the case, but maybe not. Many compliance variations have been allowed over the years. Regardless, this new regulation will bring new scrutiny by the Coast Guard, and may bring some previously accepted practices into question. I will explain further below under "Potential impacts for non-Risk Group A Facilities."

Which vessels are required to conduct electronic TWIC inspections?
Only Risk Group A vessels will be required to conduct electronic TWIC inspections. Risk Group A vessel are listed in 33 CFR 104.263: vessels carrying CDCs in bulk; vessels certificated to carry more than 1,000 passengers; and vessels engaged in towing vessels subject to (a)(1) and (a) (2). Now before you towing vessel folks get too excited, there's an exemption from electronic TWIC inspection requirements for vessels with 20 or fewer TWIC-holding crewmembers. That number is determined by the minimum manning requirement specified on the COI. The Coast Guard estimates that only one vessel will be required conduct electronic TWIC inspections.

Which facilities are required to conduct electronic TWIC inspections?
Only Risk Group A facilities will be required to conduct electronic TWIC inspections. Risk Group A facilities are listed in 33 CFR 105.253: facilities that handles CDCs in bulk or receive vessels carrying CDCs in bulk; and facilities that receive vessels certificated to carry more than 1, 000 passengers. Now before you stop reading this, here are a couple of things to think about: How do you ensure the ship at your dock is not carrying CDCs in bulk even if that cargo has nothing to do with your facility? Also, "handling" includes CDCs in bulk being handled by truck or rail or other means on the facility, not just vessel related. The Coast Guard estimates that 525 facilities will have to conduct electronic TWIC verification. No OCS facilities are expected to have to conduct electronic TWIC verifications.

What is Certain Dangerous Cargo (CDC)? 
It is a short but complicated list of cargos contained in 33 CFR 160.202, including ammonium nitrate based fertilizer.

A TWIC reader or a PACS?
For Risk Group A the Coast Guard authorizes either TWIC readers or using Physical Access Control Systems (PACS) that meets the standard. 33 CFR 101.530 details PACS requirements specifically for Risk Group A. The preamble explains, "… we are providing greater flexibility on the type of equipment used, as long as the three parts of electronic TWIC inspection are performed satisfactorily." Some existing PACS accepted by the Coast Guard may need upgrading for Risk Group A facilities. 

Barge Fleeting Facilities
The revised regulation contains an exemption for certain barge fleeting facilities. 33 CFR 105.110(e) "Barge fleeting facilities without shore side access are exempt from the requirements in 33 CFR 101.535(b)(1) (Electronic TWIC inspection requirements for Risk Group A)

Clearly, if a barge fleeting facility containing ammonium nitrate barges can be accessed from shore, without having to take a boat, it will not be exempt from these TWIC reader requirements. MTSA PAC 10-09 allows free floating barge fleeting facilities to be defined as areas in the water, in accordance with the regulatory definition. This allows barge fleeting facilities to define the tiers containing the MTSA regulated barges as the "facility," and omit other tiers of non-MTSA regulated barges and shore side areas containing an office or wash dock. Therefore, if a barge fleeting facility is defined as in the FSP, for example, as mile 147.1 to 146.9, right descending bank of the Mississippi River, it may be able to claim this exemption.

Barge fleeting facilities that did not take advantage of this PAC and include all shore side areas, and did not limit their secure area to regulated barge tiers, may find themselves missing out on the exemption provided above, regardless of whether one must take a boat to get to the regulated barges. The preamble discussion sheds some light on the topic: "These commenters raise important issues as to how we would apply the electronic TWIC inspection process to secure areas on water, such as barge fleeting facilities. Upon consideration, we do not believe that requiring electronic TWIC inspection prior to entering such areas would be practical, as there is no particular access point to such an area that can be controlled by a TWIC reader. Electronic TWIC inspection would instead be required at the barge fleeting facility's shore side location."

Based on these comments its seems the verbiage of the exemption referring to "without shore side access," means an isolated barge fleeting facility along a waterway with no shore side "location" from which one would go through first to gain access to the barge fleet. Not just a free floating tier of barges.

Note: On 09/07/16, this barge fleeting section was read and confirmed to be correct by the Coast Guard Headquarters' P.O.C. named in the final rule.

Potential impacts for non-Risk Group A Facilities:

Incorporating TWIC checks into existing PACS
The guidance for incorporating TWIC checks into existing systems (PACS) is contained in NVIC 03-07 and PAC 08-09 CH1. The preamble explains those guidance documents will remain valid for non-Risk Group A facilities, but will be updated: "NVIC 03-07 and PAC 08-09 CH1 … because we are not making changes to the TWIC requirements for those vessels and facilities not in risk Group A, the guidance documents will retain their validity with regard to those entities. We will update and post these guidance documents online … prior to the effective date of the final rule." So what will the updated guidance look like for non-Risk Group A facilities? Here's the rub. 33 CFR 101.520, Electronic TWIC inspection, is not specific for Risk Group A facilities and outlines that the requirements must include: (a) Card authentication (b) card validity check (c) identity verification. Therefore, the revised guidance should be in line with the regulation and may not allow for issuing a facility swipe card to allow self-access to secure areas just because the person showed they possessed a valid TWIC, or even if a camera was added to monitor the person swipe themselves in.

Access point to Secure Area
The preamble sheds light onto a gray area, the physical place where the TWIC verification must take place: "Given the requirement that electronic TWIC inspection be conducted "prior to each entry" into a secure area (of facilities), we would anticipate that inspection points at facilities would be located at the access points to secure areas." While this verbiage in the preamble is in regards to electronic TWIC inspection, it is essentially the same for all MTSA facilities as outlined in NVIC 03-07, but clearer with regards to the location of the TWIC verification process. Therefore, some compliance processes proposed in the past may be affected, such as: checking the TWIC at the front gate guard shack and then telling a visitor a punch code, or handing him a swipe card, to let himself into the secure area dock gate.

Restricted areas
There is an omission in the preamble discussion regarding the NVIC discussion of restricted areas, which might cause the reader to believe that the secure area must encompass all restricted areas. That is not the case. However, the preamble does contain an interesting comment regarding restricted area access control: "We note that a second round of electronic TWIC inspection is not required when passing from a secure area to a restricted area, although we would anticipate other security measures to be in place." The implication is for more than signage, (33 CFR 105.260(c)).

Escorting
The preamble addresses escorting via CCTV and reiterates the standard put forth in the NVIC: "Where such monitoring is appropriate, the general principle applies that monitoring must enable sufficient observation of the individual with a means to respond if the individual is observed to be engaging in unauthorized activities or crossing into an unauthorized area." This may give rise to the Coast Guard ensuring continuous monitoring non-TWIC personnel, which meets the intent of the regulation, not just having cameras installed.

Secure area access control

33 CFR 105.255(a)(4) implies the secure area should be fenced, but it doesn't actually say that. If some secure areas within facilities were approved without fencing or additional access control, the new verbiage for Risk Group A facilities tacked onto this citation may bring some access control measure for secure areas into question. 

  5267 Hits

TWIC Readers

"I thought TWICs were going away?"  I have heard this many times over the past year. They are not. Many believe TWIC is a useless program. The truth is TWIC is a very important program, but few understand it.

Basically, the most important purpose of a TWIC is to not allow anyone, unescorted, into a secure area of a vessel or facility unless we know they are not a terrorist and they have a card to prove it. This may seem like nonsense to some, but if a major terrorist organization can send a terrorist spy to the U.S. and infiltrate the CIA, FBI and Army Special Warfare command, then they can surely send some to infiltrate the maritime industry. In fact, during one joint FBI/ USCG operation, a significant number of individuals "having a nexus to terrorism matters," were found to have U.S. merchant mariner documents and they were subsequently placed on the terrorist watch list and the no-fly list. Furthermore, officials recently uncovered a major plot to attack the maritime industry because it is viewed as a soft target by terrorists.

Due to the lack of understanding, or acceptance of the threat, the way TWIC has been implemented and enforced in many instances makes no sense, and therefore it appears to be "useless" to the casual observer who assumes the TWIC process they observe is the one prescribed by the government.

The TWIC was designed to be a biometric credential to be used with a TWIC Reader. Realizing that we don't yet have TWIC readers, that fake TWICs are a reality, and that someone could gain access using a stolen TWIC on an automated system without biometric interface, years ago the Coast Guard published fairly specific requirements on how a TWIC should be verified by the person granting access to the secure area.

The Coast Guard recently released a Proposed Rule on the TWIC Readers. Vessels and facilities were placed in risk categories A through C. According to the proposed rule only risk category A vessels and facilities will have to use a TWIC Reader. Risk Category A is limited to vessels and facilities that handle Certain Dangerous Cargoes (CDCs) in bulk, including barge fleeting facilities with CDCs, and vessels with more than 1,000 passengers. So, the vast majority of Subchapter H compliant vessels and facilities will have to continue to verify TWICs manually.  There's the rub. This sounds like a good deal, until it is enforced.

Here's a quiz: What are the three words on the triangle at the center of all TWICs? If a person granting access to a secure area has actually been examining TWICs each time as required, then surely they would remember that those three words are: "privacy, security and commerce." And by the way, poor eyesight is not a good excuse for not complying with a federal regulation. If they cannot see what they are required to check by regulation, they have no business being posted at such a position. Reading glasses or a magnifying glass would come in handy in those situations. Also, you'd also be surprised with what an inexpensive black light will show on a TWIC. 

  3951 Hits

Contact Us

This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: 504.249.5291

Copyright ©
Maritime Compliance International
All rights reserved | Privacy Policy

Maritime Compliance Report Sign-Up

Click here to subscribe to the Maritime Compliance Report blog for critical email updates on compliance issues.