The 737MAX and the Perils of Outsourcing Oversight

person standing on wrecked plane Photo by Stefan Stefancik on

In October 2018, Lion Air Flight 610 left Jakarta, Indonesia for Pangkal Pinang, Indonesia in a Boeing 737 MAX 8 Aircraft (“737 MAX”). Thirteen minutes after takeoff, Flight 610 crashed into the Java Sea killing all passengers and crew. In response, Boeing and the Federal Aviation Administration began examining the Maneuvering Characteristics Augmentation Systems with plans to update the software by April 2019. In March 2019, Ethiopian Air Flight 302 left Addis Ababa, Ethiopia for Nairobi, Kenya, also flying the 737 MAX. The aircraft crashed six minutes after takeoff, once again killing all onboard. Because of the similarities between the crashes, the 737 MAX was grounded worldwide.

In March 2019, Secretary of Transportation Elaine Chao requested the Office of the Inspector General (“OIG”) for the U.S. Department of Transportation conduct an audit of the events that led to the certification of the 737 MAX. On June 29th this year, OIG released a report detailing the events leading up to two separate crashes of the 737 MAX. The June report was the first of several reports cataloguing the weaknesses of the 737 MAX certification process and recommending new guidelines and best practices for regulators going forward.

The Federal Aviation Administration (“FAA”) is tasked with certifying civilian aircraft manufactured and operated within the United States. The FAA’s statutory authority permits delegation of certification powers to “qualified private person[s].” In 2009, the FAA implemented the Organization Designation Authorization (“ODA”) to standardize the delegation of certification duties. Boeing began its application for certification of the 737 MAX in 2012. FAA regulations allowed for only significant changes to undergo regulatory oversight in a certification process known as Amended Type Certificate. One change from previous 737 models to the 737 MAX was the use of the Maneuvering Characteristics Augmentation Systems (“MCAS”). MCAS, in short, monitored the aircraft’s angle-of-attack and adjusted the pitch of the aircraft to prevent stalling. Ironically, the OIG found in 2015 that the ODA program was not properly assessing risk.

In early discussions between regulators and Boeing, the designers made little mention of the MCAS because “Boeing presented the software as a modification to the existing speed trim system that would only activate under certain limited conditions.” Following the 2012 application, Boeing and the FAA developed a certification plan, including delegation to Boeing to self-certify certain aspects of the 737 MAX. During this self-certification, engineers at Boeing increased the control the MCAS had over midflight pitch-adjustment, which was not communicated to regulators. In March 2017, the FAA issued an Amended Type Certificate to Boeing for the 737 MAX.

The June 2020 OIG report identified flaws in the ODA program and the regulators’ unfamiliarity with the MCAS system as primary causes of the Lion Air and Ethiopian Air crashes. Specifically, OIG’s report notes that recommendations from the 2015 ODA report are still outstanding, and thus, are focused on self-certification capacity rather than risk management. Additionally, OIG noted the regulators’ lack of familiarity with the MCAS system before the Lion Air crash as one of the main reasons for the lack of oversight. Because this June 2020 report was the first of several reports regarding the 737 MAX certification process and crashes, it does not contain any recommendations to the FAA in addition to the 2015 recommendations. Going forward, the FAA should more closely examine any software changes that may interfere with a pilot’s control over an aircraft and implement the 2015 recommendations to reform the ODA program to focus on risk management.