The U.S. Environmental Protection Agency (EPA) has proposed a rule governing electronic recordkeeping at EPA-regulated facilities that would impose billions of dollars in compliance costs on U.S. industries while providing little benefit to EPA. In comments filed on February 22, 2002, we recommended that EPA withdraw the rule, the Cross-Media Electronic Reporting and Recordkeeping Rule (CROMERRR), and conduct a comprehensive risk analysis to determine the validity and extent of fraud concerns arising out of electronic recordkeeping.
U.S. Chamber Position
We oppose CROMERRR for several reasons.
CROMERRR is presented as a voluntary program; however, the proposal as written appears to apply to each and every regulated entity that electronically maintains any record required by EPA. The proposal defines an electronic record as "any combination of text, graphics, data, audio, pictorial, or other information represented in digital form that is created, modified, maintained, archived, retrieved or distributed by a computer system."
If information meets this definition, a regulated entity could satisfy CROMERRR's recordkeeping requirements only if the data "is generated and maintained by an acceptable electronic record-retention system as specified" in the proposed rule. Thus, where regulated entities routinely store or collect data on a computer (e.g., monitoring data, emissions data), such storage or collection alone would likely subject the regulated entities to the CROMERRR requirements.
The CROMERRR record-retention system requirements are substantial. CROMERRR imposes extensive anti-fraud provisions that many computer systems, including both new and existing systems, simply do not have. For instance, CROMERRR would require that electronic records be maintained in a form that may not be altered without detection. The proposal would also require that records be electronically maintained without alteration for the entirety of the record retention period. This requirement is particularly burdensome when considering the costs of transitioning or maintaining data in the face of common and frequent upgrades in both hardware and software. A third CROMERRR requirement would mandate the use of secure, computer-generated, time-stamped audit trails to automatically record all creation, modification or deletion of records, a capability lacking in, for instance, Microsoft Excel. Several additional requirements contained in the proposed rule present comparable problems.
The Food and Drug Administration adopted a similar rule a few years ago. Experience with the FDA regulation sheds light on the expected impact of EPA's proposal. The CROMERRR economic analysis declares that the cost of complying with the recordkeeping provisions would be about $40,000 per facility. Yet the pharmaceutical industry has found that costs often run much higher, even, in some larger cases, into the hundreds of millions.
But even if EPA's seemingly low estimates are correct, CROMERRR will constitute one of the federal government's costlier regulations. Because CROMERRR is not voluntary, the $40,000 cost will be borne by nearly all of the 1.2 million reporting facilities, resulting in a total regulatory compliance cost of $48 billion. On top of this initial cost, EPA estimates a yearly cost of $17,000 per facility, or more than $20 billion in annual regulatory burden.
Updated by the U.S. Chamber's Environment, Technology, and Regulatory Affairs division, December 2002.