Few industries are as safety-conscious as aviation, which requires rigorous oversight of production, maintenance and training. That rigor can be seen in the FAA’s compliance database, which for 2015 alone lists about 400 enforcement actions against airlines, MRO shops and other aviation service providers.

These fines and certificate revocations were typically imposed by the FAA for regulatory violations concerning maintenance, flight operations, record-keeping and drug testing. In the first quarter of 2016 (the most recent period for which records are available), for instance, the FAA withdrew maintenance approvals from four companies and collected a total of $150,000 in fines from eight others.

While the smallest of those civil penalties was barely the price of a mechanic’s toolbox, fines can quickly escalate for repeat offenses. In 2013, American Airlines paid $24 million to settle a case in which the FAA alleged a slew of maintenance violations, and in late 2015 Southwest Airlines paid a penalty of $2.8 million.

The FAA originally had sought $12 million from Southwest for the improper maintenance and subsequent operation of more than 40 Boeing 737s in 2006-09. The actual repair work was done by a third party, Aviation Technical Services, and while the maintenance company had to pay its own fine, Southwest, in the words of the FAA, “was responsible for ensuring that procedures were properly followed.“

That statement follows the rule that aircraft operating certificate (AOC) holders are ultimately responsible for the airworthiness and maintenance of their aircraft. In the U.S., this is set out in CFR 121.363, which also explicitly states that while maintenance can be contracted out, “this does not relieve the certificate holder of the responsibility [for airworthiness and maintenance].” As part of its settlement, Southwest agreed to enhance oversight of third-party maintenance providers.

Of course, this doesn’t mean MRO providers can totally offload responsibility for compliance onto their customers. In Europe, European Aviation Safety Agency (EASA) Part 145 stipulates that the actual performance of maintenance is the sole responsibility of the provider that issues an aircraft’s certificate of release to service.

In 2013, American Airlines paid $24 million to settle the largest maintenance fine in FAA history. Credit: Lee Ann Shay/AW&ST


In the U.S., there is a slight difference in that aircraft owners or operators are responsible for certain aspects of repair station procedures, but otherwise it is the contracted MRO provider’s responsibility to carry out an aircraft’s approved maintenance program. In the Southwest case, the FAA determined that Aviation Technical Services had not followed proper procedures for replacing fuselage skins, or for stabilizing the aircraft being worked on. The MRO company agreed to pay $275,000 in fines and improve its quality control.

Internal Affairs

Within a maintenance company, compliance is mainly split between ensuring that the correct MRO procedures are followed and keeping documentation accurate and up to date. Most large MRO companies engage continuously with staff to minimize incidents of noncompliance, but—as the FAA records attest—mistakes do occur.

“Everybody in the MRO industry knows about the usual suspects of noncompliance, which are mostly connected with poor workmanship,” says Werner Luehmann, head of regulatory compliance at Lufthansa Technik. He highlights issues such as material segregation, storage conditions and tool control.

“The root causes of maintenance slipups mostly do not lie in intentional misbehavior but in other reasons, like misinterpretation of instructions or lack of communications, or simply human error,” Luehmann adds.

Lufthansa Technik conducts frequent safety campaigns to keep staff cognizant of their responsibilities, while U.S.-based AAR deploys Quality Action Teams. These develop corrective actions when mistakes occur and also propose measures to keep them from happening in the first place.

Alongside internal audits, MRO companies also collaborate through platforms such as the Aviation Safety Action Program (ASAP) and Aviation Safety Information Analysis and Sharing (ASIAS). The latter is an FAA initiative that uses safety reporting from 40 airlines and several MROs to provide a repository of safety data. One of its information streams is ASAP, which encourages individuals to voluntarily report any safety violations they see in the course of their work.

External Audits

National aviation authorities continuously audit maintenance providers and airlines to check that documentation and work procedures are up to scratch. AAR’s Indianapolis maintenance facility received a staggering 169 FAA audits in 2016, while Lufthansa Technik undergoes a continuous compliance check in the course of numerous surveillance audits each year from the LBA, Germany’s civil aviation authority.

Lufthansa Technik estimates that its direct compliance costs amounted to €1.5 million in 2016. Credit: Lufthansa Technik


MRO companies’ customers also will conduct their own audits, as will other regulatory agencies, such as the U.S. Environmental Protection Agency. On top of checks by FAA inspectors, AAR hosted almost 50 other audits in Indianapolis during 2016.

Each audit usually follows a predetermined safety and compliance checklist, and inspections by government agencies can last for several days, or even months if they are for an initial certification. Inspectors are often accompanied by a staff member. Since many MRO facilities may spend most of their year undergoing some form of audit, this gives some idea of the resources required for monitoring, enforcing and administering compliance.

“It would be impossible to get the total cost of ensuring compliance,” says Art Smith, chief quality officer at AAR. He estimates that AAR spends “millions” on compliance but also argues that quality control should be counted as an investment, not a cost. This follows the well-worn adage: “If you think safety is expensive, try an accident.”   

Lufthansa Technik is a little more exact, estimating that its direct compliance costs amounted to €1.5 million ($1.6 million) in 2016, or 0.5% of its pretax earnings. However, this excludes staff costs. Instead, the main contributor is fees levied by regulatory authorities.

Bane of Duplication

Compliance costs for maintenance companies will vary widely according to how many markets they serve. In the past, FAA and EASA certifications for an approved maintenance organization (AMO) were accepted by many non-U.S. and non-European airworthiness authorities, but many now insist on their own approvals. This generates certification fees for the authority in question but also a significant workload for the maintenance company, which has to study the country’s regulations and demonstrate compliance.

For global maintenance providers this can become a complex and often unnecessary administrative burden, since large sections of different countries’ regulations and certification procedures merely duplicate FAA and EASA measures. For a company like Lufthansa Technik, which holds 130 authority certificates from 70 countries, this can represent quite a headache.

“Less oversight is needed in areas where many regulators do audits or inspections at the same MRO,” Luehmann says.

The International Civil Aviation Organization (ICAO) has recognized the problem of duplication and is seeking to harmonize global standards for AMOs as well as persuade more countries to accept the certification of foreign aviation authorities.

Its first proposal, expected to be adopted this year, is to move the approval of MRO providers from the sections of its regulations that govern flight operations to the one that governs airworthiness. This is to confirm that the state of an aircraft’s registry, not the state of the aircraft’s operator, is responsible for gaining approvals.

Next, ICAO wants to improve its standardized guidance material, and then develop provisions to promote common standards at the regional level, pooling of audits between civil aviation authorities, and joint investigations of AMOs requiring approval. It also would encourage the use of the new industry standards for auditing AMOs.

“We, as an industry suffering from the burden of multiple approvals, can only applaud this intention,” says Luehmann.

The ICAO proposals clarifying competence for AMO approval are set to take effect from 2020; those promoting greater harmonization could be in place by 2024. Meanwhile, the MRO industry hopes to see more bilateral air service agreements like those between Europe  and the U.S., Canada and Brazil, all of which agree on common standards for the approval of maintenance providers.


Although the benefits of regulatory harmonization are still some years off, MRO providers already are reaping gains from the increasing use of information technology in and around the hangar. 

“Automation and digitization have played a key role in the fight for compliance perfection,” says AAR’s Smith. “Technology allows us to be more organized, more compliant and allows us to do better data analysis at a much faster speed.”

The FAA originally sought a $12 million fine from Southwest for improper maintenance performed by a contractor on dozens of Boeing 737s.

The FAA originally sought a $12 million fine from Southwest for improper maintenance performed by a contractor on dozens of Boeing 737s. Credit: Eric Salard/Wikimedia


As an example, he cites the rugged laptops that AAR staff use in the hangar. Such devices usually are pre-loaded with all the maintenance data that a mechanic would need, or they wirelessly connect to software running in the cloud or on the company mainframe. By freeing personnel from having to lug around manuals and other documentation, portable maintenance aids improve productivity and also can help with compliance.

For example, during electromagnetic inspection, engineers have traditionally relied on a sheaf of service bulletins and instruction manuals to outline each step of the inspection process. Now, GE Measurement and Control offers a portable tool that displays service bulletin workflow on an instrument screen. Once testing is complete, all relevant data can be reviewed, recorded and transferred via the device. This lowers the potential for human error because workers don’t need to keep switching attention from testing equipment to manuals.

Lufthansa Technik introduced its first digital manual, IQ Move, 12 years ago, and from the start it has included a “regulatory requirement” module. Any new work process is checked for compliance, and then the relevant part of the regulation is linked to the process. Via the module, compliance information for any process can then be generated in real time. “In essence, digitization does make compliance much easier if changes are utilized in a smart way,” says Luehmann.

Changing Philosophy

The FAA’s long list of enforcement actions against wayward MRO companies and airlines could be seen as evidence that compliance monitoring works. Alternatively, one might fear that mistakes are endemic to the industry, and wonder how many more go undetected.

This latter interpretation is harsh when one considers the admirable safety record of commercial air transport in the U.S. and Europe. Nonetheless, oversight is constantly tweaked to respond to an increasingly complex aviation system—one that even the FAA acknowledges cannot be made safer by more rules and penalties.

“Most regulators’ resources are already overstretched. Therefore a risk-based approach is required and is being currently incorporated in the oversight planning of many aviation authorities,” says Luehmann.

One example of this approach is Europe’s recently introduced requirement for Part 145 maintenance organizations to implement an error-capturing method after the performance of any critical maintenance task. Such tasks are defined as those that involve assembly or disturbance of a system or component critical to flight safety.

In the U.S., meanwhile, the FAA has introduced a new compliance philosophy that it terms a “just culture.” In place since 2015, this emphasizes root-cause analysis, transparency and information exchange, as well as a preference for “compliance actions“ over civil penalties. Compliance actions could be on-the-spot corrections or remedial training for companies or individuals that have made honest mistakes and are willing to engage with regulators.

“The new FAA philosophy is driving the industry in the right direction. It is more about getting to the truth of an error, so the countermeasure can be the correct remedy,“ says Smith. 

The FAA has also embraced a risk-based approach in order to address emerging safety risks. This process uses data analysis to assess the potential for problems and how to address them before an accident can happen.

“I personally like where compliance is going: We are seeing engagement and a cohesiveness of all the major players,“ says Smith.

“Let’s face it, an aviation accident or incident doesn’t only impact the carrier or repair station, it impacts the entire industry. It is in everyone’s best interest to ensure that we all comply every day,“ he says.