SASISOPA Regulatory Compliance for Upstream

With the majority of Exploration and Extraction of Hydrocarbons Contracts (E&P Contracts) moving into appraisal and development stages in which there is a change in their projects’ risk profile, it becomes relevant to address some common issues to comply with the requirements in the Mexican regulations for the health, safety and environment risk management systems (SASISOPA, per its initials in Spanish) before the Agency for Safety, Energy and the Environment (ASEA). 


1. NOT TELLING ITS STAGES APART

SASISOPAs consist of four stages, which are often confused (see right column): 

1. Registration  —  2. Authorization  —  3. Follow up  —  4. Modification


Even E&P Contracts have confused stages 1 and 2.  In Rounds 1.1 to 1.4, the National Hydrocarbons Commission (CNH) was accepting the sole registration to comply with clause 4.1. Later, E&P Contracts expressly requested the authorization of the SASISOPA (stage 2), which was impossible to comply with at such an early point in the project. TALANZA successfully engaged in advocacy efforts before ASEA and CNH to protect Operators from  incurring in a contractual breach, which resulted in a communication from CNH to Operators stating that the SASISOPA registration would be acceptable instead of its authorization.
Concurrently, more often than not, Operators believe they are in a more advanced stage of their SASISOPA,  being in a state of non-compliance out of confusion.


2.       LOSING TOUCH WITH THE PROJECT’S REALITY

SASISOPA shall always be consistent with the current status of the project. Thus, Operators must update their SASISOPA’s file via a request for modification whenever a project undergoes changes that alter the risk profile of the project, such as moving from exploration to appraisal or development stages or any modifications to its respective plans.


3.       KEEPING IT IN THE DRAWER

Most of ASEA’s findings during an inspection or supervision procedure can be attributed to a common cause: Operators obtain the authorization of their SASISOPA to comply with the legal requirements and then store the authorized SASISOPA in the drawer and use their own Corporate HSE Risk Management System instead. Why? This happens for several reasons:

  • To accelerate the start of operations, some Operators request the SASISOPA authorization by presenting procedures or mechanisms that are not systematically related with their Corporate HSE Risk Management System.
  • The person in charge of obtaining the authorization does not fully understand the different stages of SASISOPA and its requirements or, if done by an external, the consultant doesn’t care to understand the Corporate HSE Risk Management System and therefore, neither the person in-house nor the consultant can  interlace both systems.
  • Not embracing the SASISOPA as the tool it’s meant to be, that links the Corporate HSE Risk Management System with the Mexican requirements.

    This entails a high risk of regulatory non-compliance, because although the authorized SASISOPA is aligned with the applicable regulations, ASEA, through an authorized third-party, will evaluate the system that is actually being used and will most likely lead to observations in the report.


4. Downsides

Ultimately, these malpractices may lead to a series of negative consequences, ranging from:

  • Wasted resources;
  • Penalty fees;
  • Partial closure of its facilities, equipment or processes;
  • Total closure of its facilities, equipment or processes, and
  • Administrative rescission of the E&P Contract in case of a serious accident that could cause damage to facilities, fatalities and loss of production, when it is demonstrated that the SASISOPA was not updated or aligned with the applicable regulations.



5.            RECOMMENDATIONS

Overall, these risks can be avoided with a correct understanding of the SASISOPA’s regulatory requirements per stage.  This will allow creating a regulatory compliance strategy that systemically intertwines the Corporate HSE Management System with SASISOPA’s regulatory requirements. An authorized SASISOPA like this, will allow Operators to implement the system they’re experienced in while complying, thus, minimizing not only operational risks but also legal and compliance risks.




SASISOPA stages:


1. Registration. During this stage, Operators must register their Corporate HSE Risk Management System to obtain their Sole Regulated Party ID (CURR, for its initials in Spanish). ASEA grants the registration once the Operator demonstrates through the opinion of an authorized third-party, that its Corporate HSE Risk Management System has correspondence with each of the 18 elements established in the ASEA Law.



2. Authorization. Prior to the start of hydrocarbons activities, Operators must have the authorization of SASISOPA, which consists in demonstrating that the registered SASISOPA contemplated in stage 1 will be implemented according to the specific activities of the project. At this stage, a risk analysis of the extended or detailed basic engineering is performed, and the evaluation of environmental aspects and other impacts are contemplated. SASISOPA’s authorization requires an implementation program, that must be completed in no more than two years.



3. Follow up. This stage applies to the entire project’s life-cycle to keep ASEA informed of the progress in the implementation and performance of SASISOPA through the following reports:

  • Biannual progress of the implementation programs where Operators must present fulfilment evidence of the commitments established in the authorization;
  • Annual performance report through which the ASEA evaluates the performance of SASISOPA, with its indicators, and
  • Biannual report of the results of the external audit and the attention of findings plan where the Operator must take special care in the attention of the observations of the detected findings.


4. Modification. Operators must keep their SASISOPA updated at all times by submitting to ASEA the description of the SASISOPA modifications appropriate to the new risk profile, at least 30 business days before carrying them out.