20 May No Cause for Celebration – The Enschede Fireworks Safety Disaster
In a list of the most obviously dangerous substances to work with, fireworks rank near the top. So you’d imagine that people who work with them know the safety risks inside and out and would take the most extreme precautions. This week marks 20 years (13 May 2000) since the tragic SE Fireworks incident in Enschede, a small Dutch town on the border with Germany.
23 people died, 400 homes were destroyed and 450 million euros worth of damage were caused, proving that even when risks are obvious, understood and regulated, they can still go disastrously wrong. In this blog, we try to understand why that is and what we might be able to do about it.
More than 1,000 people were injured in the explosions at the SE Fireworks company’s site, right in the centre of the town, after fire broke out in the main building and spread to nearby fireworks storage units. A hundred acres of surrounding land was levelled and 10,000 people were evacuated after an explosion that was equivalent to 4-5,000kg of TNT being detonated.
Incredibly, just one week before the disaster, the site had passed a safety audit and inspection. Even the inspectors, whose main purpose is to independently check that risks are being properly managed, were blindsided, failing to see the dangers that would soon fall upon the town.
Like most disasters, the one at SE fireworks wasn’t the result of one thing going wrong, but a series of mistakes and safety lapses that compounded the initial incident and magnified it.
Recipe for disaster
The company used to produce its own fireworks but by 2000, it had switched to importing pre-made fireworks from China and selling them for use at large-scale events such as concerts by Bon Jovi, Prince and Michael Jackson. But whether it was manufacturing its own or just storing them, SE Fireworks should have been located well away from residential properties, following the BANANA safety principle – “Build Absolutely Nothing Anywhere Near Anything”.
In fact, when the factory was first built in 1977 it was isolated but over the years, the nearby town of Enschede expanded, until homes were built right next to the site. The council planning department was oblivious to the function of the factory because there was poor communication between those officials and the ones responsible for regulating fireworks.
Three years before the disaster a resident complained to the local council about the danger they saw. The council responded by saying SE Fireworks was in an area marked on the map for industrial use, so did not breach any regulations, even though there were homes right across the road but just outside the industrial zone. Because technical compliance was achieved, this was equated as zero risk to the population. This is a danger sign for any business; being compliant and effectively managing your risks, are not the same thing. Sometimes that difference must be explicitly communicated.
The council had no mechanism that would alert them to a risk being poorly managed or neglected. As individual employees left or moved, awareness of the firework risk fell off the radar screen. Subsequent investigations recommended that firework regulation be moved to a regional function, with the implicit understanding that when risks are not being dealt with as a prime responsibility, they tend to be forgotten or de-prioritised.
Even the authorities who probably needed the clearest insights into the specifics of the risks – the local fire service – they had no idea of building layouts, quantities or types of explosives being stored. This was the primary reason why the fire service lost 4 men in the massive secondary explosion and why so many townsfolk were killed too. Protective cordons were not established far enough away to protect people from the immediate fireball, or the raining down of heavy debris. Video footage of fireworks dropping out of the sky onto watching crowds and exploding around them, only added to the trauma as it was replayed for days on news reports.
The cause of the fire remains a mystery to this day – arson was strongly suspected – but if the regulations surrounding the storage of fireworks and their strict compartmentalisation had been followed, an arson attack would only have created limited damage and not the uncontrolled ignition of the entire stock of explosives.
Perception of risk levels had fizzled out
900kg of fireworks were stored in the main building, where the fire broke out. Internal fire doors had been left open, allowing the fire to reach the fireworks.
Safety and security controls have a tendency to slow businesses down, but the real hazard comes when staff become complacent about the inherent risks that come with the materials they are handling.
The resulting explosion engulfed the main building, and the fire spread to nearby shipping containers, where more fireworks were stored. Any risk analysis would have shown that lighted fireworks don’t stay in the same place!
We might question whether the change of business strategy to re-sell, rather than manufacture fireworks, was at least part of the reason why staff at the business became complacent. When they no longer designed, tested and worked with explosive compounds, they lost skills for managing the risks. In essence, employee skills switched to efficient logistics and financial management. Safety skills were not taught, valued or upheld but assumed to be common sense that could be left to individual employees.
Not only was the site storing fireworks illegally, it was storing far more than it was permitted to, and more dangerous types of fireworks than safety inspectors knew about. In hindsight we can see a commercial focus that consistently downplayed safety risks. Behavioural psychologists will not be surprised about this approach, because research shows that people typically consider a low-incident operating environment (i.e. nothing bad happens) to be a downgrading of the inherent risks (therefore this risk isn’t so bad after all and (subconsciously) we don’t need to take it quite as seriously). This is a pretence we happily and conveniently follow, imaging that someone else would be responsible in the highly unlikely event that something goes wrong.
We know from High Reliability Organizations (HROs) such as nuclear power plants, that risk managers do not interpret lack of incidents as confirmation that everything is under control. This signal is used to check for complacency, blind-spots, failure to recognise new risks, ineffective capturing of near-miss incidents and a bias towards reporting good news messages, rather than control effectiveness levels. Such a mindset shift is only possible with recruiting and reinforcing the mindset, with continual training and rehearsal. A safety culture must be intentionally created and maintained and can never be assumed to be in place because “people should know the risks”.
From a risk management point of view, the risks were well known and understood by managers at SE Fireworks, but rules were ignored or bent as workers had become complacent about their operating risks. The culture at SE Fireworks had settled around the idea “it couldn’t happen here”.
People have a predictable tendency to normalise large risks when they are frequently exposed to them. Risk awareness training is a vital part of the toolkit to remind staff and contractors of the real dangers of inherent risks.
A more stringent safety audit and inspection regime would have highlighted these problems, but there was a lack of expertise from council departments that were understaffed because of financial cuts, and a prevailing culture of self-regulation. Inspectors were relying on what was told to them and what they saw on paperwork, rather than investigating the reality for themselves
Checklists are a superb risk-managing tool but should not become blinkers, to stop people using their eyes to gather other perspectives on the situation.
Some instances of non-compliance had been raised by inspectors, but hadn’t been followed up on. Regulator inaction like this, can reinforce a belief that risks are being “over-inflated”.
Ignoring or accepting the risks?
In the ensuing court case, at which two owners were fined and jailed, it was discovered that the firm had been using shipping containers because it had planned to move to a new site, so didn’t want the trouble and expense of building bunkers that would only be used for a few months.
In terms of decision psychology, it is more likely that the thinking process concluded that the risk was too small to bother with making a large expense to correct. There is no evidence that this decision was investigated, calibrated or analysed. Instinctive risk modelling can be very dangerous and susceptible to cognitive biases. If we’ve never heard of an explosion in a fireworks factory before then it must be very unlikely (Availability Bias).
Are your staff aware of how cognitive biases can shape decisions away from realism?
Accepting a risk is a legitimate approach, provided you aren’t breaching regulations, but only when you have been open and honest with your risk assessments and have agreement from stakeholders to take that course. Accepting a risk without transparency in order to cut costs, is a good example of risk acceptance being handled badly, and a strong indicator that your risk management programme is not fit-for-purpose.
In theory, there were three lines of defence to the risk at SE Fireworks: the owners and operators of the risk, the licensing authority, and the safety auditors. If one of those defences had failed, the other two ought to have picked up on that, but in SE’s case, that didn’t happen.
Passing a safety audit, like SE Fireworks did the week previously, only means that procedures such as keeping fire doors closed were tightened for the duration of the audit, then allowed to lapse again
It’s easy to take extra care when we know we’re under close scrutiny in the midst of an inspection, but it’s when we’re not under scrutiny by anyone that our true risk management ethos is exposed.
We need to focus on risk culture and ensure it’s something that’s paid attention to at all levels of an organisation. Will your risk management practices hold up to intense scrutiny, or are there hidden dangers waiting to explode when you least expect it?