CCRcorp Sites  

The CCRcorp Network unlocks access to a world of insights, research, guides and information in a range of specialty areas.

Our Sites


A basis for research and practical guidance focusing on federal securities laws, compliance & corporate governance.


An educational service that provides practical guidance on legal issues involving public and private mergers & acquisitions, joint ventures, private equity – and much more.


The “one stop” resource for information about responsible executive compensation practices & disclosure.

Widely recognized as the premier online research platform providing practical guidance on issues involving Section 16 of the Securities Exchange Act of 1934 and all of its related rules.


Keeping you in-the-know on environmental, social and governance developments

In March, EPA promulgated major changes that became effective last month to the 1996 Risk Management Plan (RMP) regulations under 40 CFR 68. These regulations apply to facilities that hold specific “regulated substances” in excess of threshold quantities. These facilities are required to assess their potential release impacts, undertake steps to prevent chemical releases, plan for emergency response to releases, and summarize this information in a risk management plan (RMP) that is submitted to EPA. Among the revisions are new requirements for third-party audits and auditor competency (40 CFR 68.59 and 68.80) for when such audits are needed.

The new auditor requirements include:

  • Auditor competency elements;
  • Training on auditing techniques;
  • Independence criteria, including a signed and dated conflict of interest statement documenting that the auditor(s) meet these criteria; 
  • Written policies and procedures to ensure that all audit personnel comply with the competency and independence requirements; and
  • Inclusion of a specific auditor certification statement in the audit report.

Another change from the original rules is that once the audit report is issued, the facility owner/operator must immediately send the report to the company’s audit committee of the Board of Directors, or other comparable committee or individual.

While EPA’s RMP regulation tracks closely with OSHA’s Process Safety Management (PSM) rule, OSHA has not issued similar changes to its audit/auditor requirements, so these new mandates only apply to EPA’s RMP.

This is another indicator of increasing formalization of audits in the ESG realm, which should be applauded. I expect this trend will continue.

If you aren’t already subscribed to our complimentary ESG blog, sign up here: for daily updates delivered right to you.

Back to all blogs

The Editor

Lawrence Heim has been practicing in the field of ESG management for almost 40 years. He began his career as a legal assistant in the Environmental Practice of Vinson & Elkins working for a partner who is nationally recognized and an adjunct professor of environmental law at the University of Texas Law School. He moved into technical environmental consulting with ENSR Consulting & Engineering at the height of environmental regulatory development, working across a range of disciplines. He was one… View Profile