Controlling Maritime Security Cost
It is expected that the USCG will begin stepping up compliance measures and holding companies more accountable to the codes and regulations of the Maritime Security Act of 2002 (MTSA). The anticipated actions by the USCG, combined with the current cost of normal security procedures, will make it increasingly more difficult for companies to balance compliance with manageable security budgets. In addition, companies that lack the knowledge and experience to maintain full compliance run the risk of compounding the cost burden with regulatory financial penalties. Complicating matters even further, affected U.S. companies must now also comply with the Safety and Security of Every Port Act (Safe Port) and the Transportation Workers Identification Credential (TWIC).
As a consequence, proactive companies may begin searching for new and more creative ways to balance the cost of responsible maritime security practices with limited budgetary resources. Fortunately, ever increasing demands of maritime security regulations do not have to mean ever increasing maritime security cost. Proper training, selective outsourcing, and the use of risk assessment models that can be quantified in dollars and cents are the key ingredients to maximizing both compliance and security budgets.
When companies wish to have employees trained in MTSA and International Ship and Port Facility Security (ISPS) issues, they currently have three options:
1) Use in-house personnel to conduct in-house training;
2) Use outside training vendors that provide “certificated” courses via classroom, video, and internet delivery methods.
3) Use U.S. Maritime Administration (MARAD) approved training vendors that offer “certified” MTSA courses.
On the surface it may be easy to view the first two options as justifiable shortcuts and effective ways to shorten both time and money spent on training. After all, no one is required to participate in USCG/ MARAD approved training. However, as is the case with most company initiatives, the more shortcuts are used, the less effective and valuable the outcome.
Although exceptions exist, generally speaking in-house company training personnel either lack the subject matter expertise and /or knowledge of changing codes and regulations to provide proper or complete training. Likewise, when companies use outside vendors that offer shortened and/or less expensive “certificated” courses – wherein the employee receives a generic “certificate” for having completed the course, but not an USCG/MARAD “certification” that the course was inclusive of all relevant material or accurately presented – the end result is an employee who may incorrectly believe they learned all they needed to know. Where security and compliance are concerned, the last thing a company needs is increased liability resulting from the improper security actions of an employee, particularly if the actions could have been avoided through proper training (think OSHA).
The International Maritime Organization (IMO) is already demanding that Ship Security Officers have “certified training” as a part of their Standards of Training Certification Watchkeeping (STCW) requirements. The U.S. government, through MTSA, has followed suit with Vessel Security Officers now subject to STCW and is expected to follow the IMO lead with provisions mandating “certified training” for other individuals charged with security duties.
Beyond simply using properly USCG/MARAD certified training courses, a company’s goal should be to ensure that employees participating in training courses actually gain the knowledge required to perform their regulatory functions in the most proficient manner possible. Perhaps the most significant benefit to utilizing third party training vendors – whose courses have been reviewed, approved, and certified by USCG/MARAD – is a standardized process that significantly helps owners and operators change the security culture within their companies resulting in full regulatory compliance and enhanced protection of their critical infrastructure.
MARAD provides a full list of approved training vendors on its website (www.marad.dot.gov). For additional confidence in selecting a USCG/MARAD approved training vendor, look to companies that also have maritime security training alliances with one of the U.S. maritime academies.
Companies searching for an overall enhancement to their security measures should consider retaining a vendor that provides a full MTSA/ISPS Maritime Security Compliance Program (MSCP). MSCP’s are designed to remove the day to day burden of MTSA/ISPS regulated responsibilities by outsourcing the management and oversight of mandated activities including: security drills, security assessments, training, exercises, security plan writing, third party audits, etc.
Companies operating in the maritime domain that are familiar with the International Convention to Prevent Maritime Pollution (MARPOL) and the Oil Pollution Act of 1990 (OPA) should understand the value of outsourcing compliance management programs to a specialized and independent third party resource.
The most immediate and obvious benefit of incorporating a MSCP is the company’s ability to reallocate the focus of the employee back to generating revenue and/or supporting client services. Additionally, MSCP vendors can assist companies in developing healthy relationships with the regulatory bodies that oversee enforcement of codes and regulations.
The best MSCPs allow the company to “log-in” to the MSCP system. Having their own account log-in site, companies are able to monitor and evaluate the ongoing plan, efforts, organization, and progress of the MSCP provider. Companies have full and immediate access to every aspect of their security plans – i.e. security plans, files and agreements, activities of events, training history, and compliance checklists.
Risk Assessment & Analysis
Currently there are hundreds of assessment firms that provide “static” independent risk analysis. The vast majority of these firms generate reports that are not standardized, are not tied to a defensible financial outcome, and cannot be updated in a real time format.
One company currently providing a new approach to risk assessment and analysis is Aléa Holdings (www.aleaholdings.com). Aléa stands out from the pack as a result of its unique proprietary assessment software called INTELOS. INTELOS combines engineering and security data into one standardized report. The model is unique in that it delivers measurable results that drive operational and financial value through cost optimization, increased risk predictability, efficient budget, and resource allocation throughout the extended company/enterprise.
An “INTELOS-style model” also provides the client with multiple benefits on a fully scalable and organic model that can sit above multiple business “silos” acting as a risk dashboard, allowing multiple divisions to access and benefit from the detailed reports. But, the ultimate benefit from this type of model is the accurate quantification of risk in a fully defensible model that is directly tied to cost optimization and annual cost savings through the procurement of more efficiently priced insurance products.
For more information, Email DWalsh@m-pactusa.com