By David Whitford and Peter Elkind
November 19, 2012

FORTUNE — For the second time in five years, BP, the world’s fourth-largest company, has agreed to plead guilty to a criminal felony for epic safety failures that resulted in deaths, disaster, and billions in damage.

After BP’s Texas City refinery blew up in 2005, killing 15 workers and injuring 180, the energy giant cast itself as a responsible company that had tragically mismanaged a single facility but suffered from no systemic safety problem. Likewise, in the aftermath of the April 2010 explosion of the Deepwater Horizon — which claimed 11 lives and produced the worst offshore oil spill in U.S. history — BP fiercely resisted the notion that it was chiefly to blame.

“I genuinely feel this could have happened to anyone,” CEO Tony Hayward told Fortune in a London interview, just days before handing over his job to current BP boss Robert Dudley. “This isn’t BP. It’s an industry accident.” This thinking has remained BP’s mantra: that the Gulf disaster resulted from “multiple causes, involving multiple parties.”

He’s right about that last part, of course. Industrial disasters rarely result from a single mistake. But last week’s agreement (subject to formal court approval) underscores what has long been clear: that primary responsibility for this tragedy lies with BP.

MORE: Data shows East Coast gas shortages were inevitable

In its deal with the Justice Department and the SEC, BP agreed to pay a record $4.5 billion in fines and penalties (much of it will go toward repairing environmental damage) and plead guilty to eleven counts of felony manslaughter. Three former BP employees also face criminal charges: rig supervisors Donald Vidrine and Robert Kaluza, the highest-ranking BP employees aboard the Deepwater Horizon at the time of the explosion, for negligence that led to the deaths and the spill; and shore-based vice president David Rainey, for misleading government officials about how much oil was leaking from the well. (All three men are contesting the charges).

Though BP (BP) has now set aside nearly $42 billion to cover its total costs for the accident, its bill could climb much higher. If found to be grossly negligent in federal court proceedings set for February, the company could face Clean Water Act fines of more than $20 billion. (BP, which now admits negligence but denies gross negligence, has reserved just $3.5 billion for this liability.) A proposed mass settlement of private civil claims is also awaiting court approval; other civil suits are pending.

BP will now face four years of pervasive — even humiliating — federal oversight. It will be required to appoint special monitors for ethics and deepwater Gulf drilling safety; follow government-mandated procedures at key steps in drilling operations; develop a public website listing “lessons learned” and spelling out its ongoing safety progress; provide access to its facilities whenever the government wants; submit to special audits of its safety-improvement programs; even report to a probation officer.

BP failed big time. Now it must make amends. Responsible individuals will be held accountable. And given BP’s sorry record of reform in the wake of past disasters, close government supervision going forward is an absolute requirement. BP paid an initial fine of $21 million after Texas City; it has paid an additional $150.6 million since then — the latest chunk in July of this year — for repeatedly failing to clean up its act. Clearly, BP has not shown itself to be trustworthy.

MORE: Bloom Energy’s losses total $873 million

But is this hefty combination of new punishment and oversight enough to provide a reasonable assurance that nothing like the Deepwater Horizon disaster ever occurs again? On that critical point, the jury is still out.

Large-scale industrial accidents are by definition hugely complicated events, resulting from a deadly combination of mistakes, perfectly aligning (to borrow the analogy favored by process-safety engineers) like holes in a stack of slices of Swiss cheese. Preventing such disasters requires a holistic way of managing safety. It’s about creating a system and a process that is resistant to human error. It’s not really about hard hats and steel-toed boots. In fact with respect to occupational safety — broken toes, concussions and the like — the Deepwater Horizon had a stellar record, right up until the moment when the whole rig exploded. (See Fortune’s investigation BP: ‘An accident waiting to happen’)

Unfortunately, says MIT engineering professor Nancy Leveson, author of Engineering a Safer World, all the oversight in the world can’t guarantee process safety; it may even be counterproductive. “These are socio-technical problems,” says Leveson. “When big accidents occur there’s weaknesses in the whole design of the structure. If you start focusing on blame, then you get nowhere. Then you get finger-pointing and self-protection and you never can fix the problems.”

Real safety, Leveson argues, is about “values and morals, and that can’t be enforced from outside. You don’t change someone’s value system by threatening someone and having oversight. That’s set in the company, by top management.”

On that front, BP vows that it has learned its lesson. CEO Dudley put it this way in a statement announcing the settlement: “All of us at BP deeply regret the tragic loss of life caused by the Deepwater Horizon accident as well as the impact of the spill on the Gulf coast region…..We apologize for our role in the accident, and as today’s resolution with the U.S. government further reflects, we have accepted responsibility for our actions.”

We can only hope that this apology is BP’s last.

Research assistance by Doris Burke. 

You May Like