PHMSA Enforcement Trends: What Pipeline Operators Should Know

PHMSA enforcement actions reveal where the gap between written compliance programs and actual field execution is widest. Understanding enforcement trends is not about tracking who got fined — it is about recognizing the patterns of failure that PHMSA considers most serious and using that knowledge to identify weaknesses in your own programs before an auditor does. The operators who treat enforcement data as a diagnostic tool consistently maintain stronger, more defensible compliance programs.

What Enforcement Data Tells Us

PHMSA publishes enforcement actions including Notices of Probable Violation (NOPVs), consent agreements, compliance orders, and civil penalty assessments. Each action identifies the specific regulatory sections allegedly violated, describes the nature of the deficiency, and in many cases specifies the penalty amount.

Analyzing this data in aggregate reveals things that individual case reviews do not.

Which regulations generate the most enforcement activity. Certain sections — particularly the integrity management requirements in 195.452 and Part 192 Subpart O — appear far more frequently than others. This concentration is not random. It reflects PHMSA's enforcement priorities and the areas where operators most consistently struggle to maintain compliant programs.

What types of failures PHMSA considers most serious. The highest penalties tend to involve situations where the operator had a regulatory obligation to act, had (or should have had) the information required to act, and did not act. Documentation gaps, stale program materials, and misalignment between written programs and field execution are treated as serious because they suggest systemic program weaknesses rather than isolated incidents.

Where the industry-wide compliance gap is persistent. When the same type of violation appears across multiple operators year after year, it signals that the requirement is either commonly misunderstood or commonly under-resourced.

The NOPV Playbook

PHMSA's enforcement process has a compounding quality that operators who understand it can turn into a preparation advantage. As a regulation matures and enforcement cases accumulate, inspectors develop access to a database of prior allegations and case outcomes — upheld, dropped, or withdrawn. That history shapes what inspectors look for and how they frame findings. Published NOPV cases are effectively a map of the audit question paths that inspectors follow for each regulation.

The practical implication is direct: operators can source published enforcement allegations for the regulations most relevant to their programs and use them to simulate the inspector's question sequence. For each allegation type, the question becomes — does our program have a defensible response? That gap analysis, performed before an audit rather than during one, is the most reliable audit preparation investment available.

Inspector technical depth varies substantially from person to person. What is consistent is that inspectors are primarily looking for a program that itemizes criteria from the regulation and shows an intelligent response. Where a program's documentation answers the question the inspector is tracing before the inspector asks it, the audit moves quickly. Where the documentation is absent or ambiguous, the inspector opens a documentation follow-up loop that extends the audit duration and increases exposure.

Common Violation Patterns

These categories appear with notable frequency across PHMSA enforcement actions. They are not unusual edge cases — they are the recurring findings that characterize the gap between regulatory intent and industry practice.

Incomplete Threat Documentation

The most consistent pattern involves threat evaluations that exist on paper but lack the substance to withstand scrutiny. Common findings include:

• Generic threat lists applied identically across segments without segment-specific analysis
• Threat ratings assigned without reference to supporting data — inspection results, leak history, operational records
• Threats dismissed as low or not applicable without documented reasoning
• No evidence that threat evaluations were updated when new assessment data became available

This pattern is especially prevalent in 192.917 threat identification findings and in the threat evaluation components of 195.452 programs. Generic threat documentation is one of the clearest signals to an auditor that the analysis was not actually performed at the segment level.

Unsupported Reassessment Intervals

Operators who set reassessment intervals without documented technical justification create a reliable enforcement target. Common findings include:

• Intervals set at the regulatory maximum (five years for Part 195, seven years for Part 192) without any documented analysis supporting that duration
• Boilerplate interval justifications reused across segments without regard to segment-specific conditions
• Intervals that do not account for known threats, prior assessment results, or changes in operating conditions
• No process for re-evaluating intervals when new information arrives

The regulation does not prohibit maximum-length intervals, but it requires that any interval — including the maximum — be supported by technical analysis. An interval without documented justification is treated as an unsupported decision, regardless of whether the assessment itself was performed on time.

Stale Program Materials

Integrity management programs are living documents that must reflect current conditions. Enforcement actions frequently cite:

• Written programs that have not been updated to incorporate results from recent assessments
• HCA determinations based on data that is years out of date
• Threat evaluations that predate significant operational changes, system modifications, or new inspection findings
• Preventive and mitigative measure descriptions that do not reflect current field practices

Staleness is a particularly damaging finding because it suggests the operator is not using the program as a management tool. The program exists for compliance purposes but does not drive operational decisions — and auditors recognize that pattern.

Weak Alignment Between Written Procedures and Actual Execution

This is the most consequential category. PHMSA auditors compare what the written program says the operator will do against what the records show the operator actually did. Common findings include:

• The program describes a threat evaluation methodology, but records do not show that methodology was followed for specific segments
• Preventive measures are listed in the program but implementation records are absent or incomplete
• The program references data sources that the operator does not actually collect or maintain
• Assessment scheduling and execution do not match the program's stated approach

The gap between the program on the shelf and the program in practice is what drives the most serious enforcement outcomes. An operator whose records cleanly align with their documented procedures — even where the procedures are not aspirational — is in a far stronger audit position than one whose records partially support a more ambitious program.

Inadequate Data Analysis Supporting Risk Determinations

Risk-based decision-making is permitted and encouraged under the integrity management regulations, but it requires documented analytical support. Common findings include:

• Risk rankings that do not clearly trace to input data
• Risk assessments that have not been updated to reflect new assessment results or changed conditions
• Risk-based decisions — such as assessment prioritization — that lack documentation showing how the analysis led to the decision

Areas of Increasing Enforcement Scrutiny

Several areas have drawn heightened attention in recent PHMSA enforcement activity.

Program quality beyond checkbox compliance. PHMSA has moved beyond checking whether required program elements exist to evaluating whether they are substantive, data-driven, and effectively executed. A program with all the right section headings but insufficient segment-specific substance is increasingly likely to draw findings.

Threat identification rigor. The quality of threat identification is receiving more focused attention, particularly the linkage between identified threats and the data supporting those identifications. Generic threat lists are being challenged more aggressively.

Documentation completeness and traceability. Auditors are examining whether documentation supports end-to-end traceability — from data input through threat evaluation to assessment planning to interval justification to measure implementation. Gaps in the chain are treated as program deficiencies.

Integration of assessment results into program updates. Operators who perform assessments but do not demonstrably integrate the results into their threat evaluations, risk rankings, and program decisions face increasing enforcement risk. Assessment results that go into a report but do not visibly influence the program suggest a disconnected compliance process.

Preventive and mitigative measure implementation quality. PHMSA is placing greater emphasis on whether preventive and mitigative measures described in the program are actually implemented and effective, not just documented.

Audit Preparation That Actually Works

Effective audit preparation is not about polishing program documentation in the weeks before an inspection. It is about building and maintaining programs that are operationally sound year-round, and ensuring that records are organized for rapid retrieval.

The most important preparation steps are practical:

Pre-organized digital record access. The operator who can produce documents in response to audit questions by clicking pre-organized links is in a materially different position than one who must search through records under time pressure. Faster document retrieval reduces the pressure on audit participants and reduces the risk of producing tangential materials that open new lines of questioning.

Know your weak spots before the auditor finds them. Internal pre-audit gap assessments against published enforcement allegations for your most-audited regulation sections produce a reliable picture of exposure. Where gaps are found, the choice is between correcting them before the audit or having a documented response plan for findings that may arise.

Manage audit communication deliberately. The compliance liaison role — a single primary contact who manages the flow of information to the inspector and redirects questions that are going in an unproductive direction — is underutilized. Filling silence with explanation is one of the most common self-inflicted audit vulnerabilities. Commentary that was not requested opens follow-up questions that were not inevitable.

Avoid follow-up documentation loops. The strongest audit outcome is a clean close with no outstanding items. Follow-up documentation loops extend exposure and increase the administrative burden of the enforcement process. Preparation that anticipates the questions most likely to be asked reduces the probability of a follow-up request.

Frequently Asked Questions

How does PHMSA decide what to enforce?

PHMSA enforcement is driven primarily by findings from scheduled audits, incident investigations, and complaint-driven reviews. PHMSA uses a risk-based approach to select operators for inspection and prioritizes enforcement actions based on the severity of findings, the degree to which deficiencies reflect systemic program weaknesses, and the operator's compliance history. Repeat violations and patterns of non-compliance tend to receive the strongest responses.

What are the most-penalized regulations in pipeline integrity management?

The integrity management sections — 195.452 for hazardous liquid pipelines and the Subpart O sections (particularly 192.917, 192.935, and 192.937) for gas transmission — consistently generate the highest volume and highest-dollar enforcement actions. Within these sections, the most common findings involve threat documentation, reassessment interval justification, and alignment between written programs and actual execution.

How can operators use enforcement data proactively?

Operators should review PHMSA enforcement actions relevant to their pipeline type and compare the findings against their own programs. If the violations cited in enforcement actions describe conditions that exist in the operator's program — generic threat lists, unsupported intervals, stale documentation — those are areas for improvement before an auditor finds them. The goal is to identify the types of weaknesses that draw enforcement attention and correct them before they become findings.

What should an operator do if an inspector appears to be moving toward a technically incorrect finding?

Push back politely and ask the inspector to identify the requirement in the regulation that supports the finding. Know your program's weak spots going in, and have a prepared response for likely finding areas. If a technical disagreement does not resolve during the audit, a formal written response after the audit is a more effective vehicle for a substantive technical dispute than trying to win the argument in the room.

Is a compliance-focused program enough to manage integrity risk?

A program optimized for audit compliance rather than asset management creates a particular type of vulnerability. The audit process checks whether procedures were followed and records are complete — it does not independently evaluate whether the threat identification was technically sound or whether the right threats were assessed with appropriate tools. A program can pass an audit and still be missing the analytical foundation needed to prevent failures. Operators who build programs to manage risk, rather than to manage audits, ultimately produce both better safety outcomes and more defensible compliance records.

Related Regulations and Resources

• 49 CFR 195.452 — Integrity Management for Hazardous Liquid Pipelines
• 49 CFR Part 195 — Hazardous Liquid Pipeline Regulations
• 49 CFR Part 192 — Natural Gas Pipeline Regulations
• Pipeline Integrity Management Overview

---

Need a better way to navigate regulation context? Kondwit organizes PHMSA regulations, enforcement data, and guidance in one structured platform. Learn more

---

See how Kondwit connects PHMSA enforcement cases to specific CFR sections — showing penalty history, allegation types, and case outcomes at the regulation level. Request a demo

---

Matthew Brown, PE Licensed Professional Engineer | 15+ years pipeline integrity and compliance experience

Matthew Brown is a pipeline integrity engineer specializing in integrity management program development, regulatory compliance, threat assessment, and audit preparation. He has supported operators across transmission, distribution, and hazardous liquid systems with program development, documentation review, and PHMSA audit support.

This content is for informational and educational purposes only. It does not constitute engineering services, legal advice, or a professional engineering opinion. Operators should consult qualified professionals for system-specific compliance decisions.