How do you create an aviation regulatory framework that “sustain[s] the highest levels of security through shared outcomes”? The Transportation Security Administration’s new Action Plan Program (“APP”) seeks to answer that essential question. The APP, which went into effect on August 26, 2019, details an alternative framework for addressing security compliance issues. Rather than relying on traditional, penalty-focused civil enforcement action, the new program focuses on achieving a universally desired “outcome” – namely, increased aviation security. The program offers regulated parties a non-punitive option to resolving TSA security regulation violations. While the APP could prove beneficial to both TSA and industry, it raises some areas of concern for airlines and other regulated parties.
The purpose of the program is to “creat[e] incentives for eligible parties to identify security vulnerabilities, correct their own instances of regulatory non-compliance whether discovered by the eligible party or TSA, and invest resources and effort to improve transportation security.” Today, when a regulated party violates a TSA security regulation, TSA may pursue legal enforcement action under federal law. The APP provides an alternative way forward, one where “eligible parties…[may be able] to offset potential civil penalties with investment…a clear benefit over the traditional civil enforcement process.” By taking financial resources that would otherwise be put towards a civil penalty and instead investing in security enhancements, TSA, aviation companies, and the traveling public benefit. However, to take advantage of the APP program, certain criteria must be met, including the satisfaction of several critical components.
First, the program is only available to “eligible parties” regulated by TSA, including U.S. and foreign airlines, airports, certified cargo screening facilities, indirect air carriers, flight training providers, and third-party canine-cargo program facilities (among others). Second, the program applies to either “an identified security vulnerability” or “an instance of non-compliance,” whether or not they are voluntarily disclosed by an eligible party or discovered by TSA, though the program is not applicable to egregious or intentional conduct (as well as other excluded activity). Third, both the regulated party and TSA must agree to take the APP approach. Assuming these (as well as other criteria) are met, the parties then proceed with the action plan process. In most cases, the APP will be administered by local airport Federal Security Directors (with certain exceptions) to ensure tailored programs that address issues of concern that may be specific to a particular geographical location.
Potential Areas of Industry Concern
Airlines, airports, and other regulated parties have good reason to be cautiously optimistic about the new program, which appears focused on directing financial and other company resources towards solving security problems rather than on punishing instances of non-compliance. However, there are certain unique aspects to the program of potential concern to airlines, airports, and other regulated parties. For example, in addition to TSA-discovered instances of non-compliance, the program also covers issues airlines, airports, and other parties voluntarily disclose to TSA. Notably, the program also covers “security vulnerabilities.” These are non-violations (often considered precursors to a violation) and involve “circumstances or conditions which are a threat to transportation security prior to the occurrence of any [related] non-compliance.” By incorporating vulnerabilities, TSA provides the partnership-focused benefits of the APP to parties seeking to fix potential concerns before they become something more – a proactive approach, to be sure, that is not currently part of the formal enforcement process. However, since vulnerabilities are technically not yet violations, their incorporation could prove challenging when the parties seek to agree on the desired “outcome.”
No matter the circumstances, airlines, airports, and other regulated parties should carefully consider the legal implications of utilizing the APP option for any case before proceeding given the complexities and uncertainties of the APP framework.