The latest round of maritime regulations — the Maritime Security Act rules — apply to far more than just ports and vessels. The new rules encompass a wide spectrum of facilities that are located on or adjacent to the navigable waters of the U.S.
Companies need to become aware of these rules and determine — either on their own or with counsel — to what extent their operations fall under the rules. Because of the speed at which these rules were necessarily developed, many companies that are subject to these provisions are unaware that they must comply by December 31, 2003. You don’t want to wake up on January 1 facing both a New Year’s Eve hangover and the failure to comply.
Following are 10 ways to cope with the new maritime rules.
1. Start to comply now
Developing a security plan that is assured of approval is not a short-term endeavor. Companies should begin this process so that they have the time to work through issues, clear up uncertainties and seek guidance before the compliance deadline is looming over their heads.
2. Tailor your plan to your threats, risk and circumstances
For some facilities the most appropriate way to meet the access control requirement will be chain link fences. However, at facilities where more is at risk, effective access control may necessitate closed- circuit television monitoring systems, pipe barricades and other more extensive protections. Regulated parties need to be aware of the level of threat and risk their operations face, and then match the level of their security planning to those circumstances.
3. Don’t underestimate your risks
We expect the U.S. Coast Guard to take a hard look at security plans. If a plan comes up short, the penalties can include having your operations curtailed or your facility shut down. The risk of noncompliance penalties is a very real, across-the-board risk. Moreover, the threats here go beyond terrorists to include disgruntled employees, criminals and others who might take advantage of inadequate security. And, with these new rules in place, if a facility’s security remains sub-standard and something does happen, there is the real potential for end-of-the-company liabilities in lawsuits.
4. Don’t overlook simple solutions
These simple solutions will not be enough for every company, but they should be a part of every company’s overall approach to security.
5. Watch out for interdependencies
Interdependencies are also where real risks can come in. If, for example, your company allows employees from suppliers or shippers or clients access to your facility, your security is only as good as the screening programs of these other companies. If your company has an integrated information technology (IT) system that allows your clients or suppliers access, your IT security is only as strong as the weakest link in a cyber-chain that stretches out from you, to these other entities, and to all those who have access to their systems.
6. Treat this like any other regulatory matter
Companies are advised to ensure that their lawyers — whether in-house or outside counsel — are part of their security compliance team. In addition, by using counsel, companies can seek to use the attorney/client privilege to shield some of the tough choices that security planning may entail from disclosure down the road if something should happen.
7. Take a multi-disciplinary approach
In this new era of corporate accountability, your corporate leadership should be on the team, or at minimum, kept apprised of developments and actions. Further, security can’t exist in a vacuum — it needs to be integrated with your operations so that it doesn’t reduce the cost-effectiveness of the company. In other words, your operations people need to be at the table and must consider what each change will entail. For example, installing a