The 60-Second Premise
A procurement analyst onboarding a new chemical supplier has one job before the contract goes to legal: confirm the facility is not a repeat environmental offender. The public tool for this is ECHO — Enforcement and Compliance History Online — which indexes inspection, violation, and enforcement data across more than 800,000 regulated facilities (EPA · 1998). No account, no login, no FOIA request.
The walkthrough below uses a known polluter as the example target so the reader can see what a "hit" looks like when it lands. Call the test subject "Acme Refining" — any large Gulf Coast refinery, chemical plant, or metals smelter will produce comparable results.
Step 1: Open Facility Search (10 seconds)
Navigate to ECHO's Facility Search. The search accepts facility name, facility ID, city, state, or ZIP code, and requires no authentication (echo.epa.gov · 2026). For supplier due diligence, the most reliable entry is the physical address on the supplier's W-9 or master vendor record — facility names often differ from the legal entity name on a purchase order, because the operating subsidiary, the permit holder, and the parent company are frequently three different names.
Type the street address or ZIP. ECHO returns a results grid with facility name, address, regulated programs (CAA, CWA, RCRA, SDWA), and a compliance status indicator.
Step 2: Open the Facility Detail Page (10 seconds)
Click the matching facility. The detail page loads a compliance summary organized by statute. For a refinery, expect to see entries under the Clean Air Act, Clean Water Act, and the Resource Conservation and Recovery Act simultaneously — ECHO supports integrated searches of both EPA and state data, so a facility with overlapping permits surfaces all of them in one view (EPA · 1998).
The "Three-Year Compliance Status" banner at the top is the fastest signal. "Significant Violator," "High Priority Violator," or "Serious Violator" designations mean the facility has tripped a federal threshold in the trailing 36 months and should escalate to a deeper review before contracting.
Step 3: Filter to Enforcement Actions (15 seconds)
Scroll to the "Enforcement" panel on the facility page, or switch to the Enforcement Case Search tab. This view queries civil cases from the Integrated Compliance Information System (ICIS) and criminal cases from the Summary of Criminal Prosecutions database (echo.epa.gov · 2026). Civil actions span ten federal statutes — CAA, CWA, RCRA, SDWA, CERCLA, TSCA, EPCRA, FIFRA, MPRSA, and the AIM Act — which covers essentially every environmental risk a procurement team would flag (echo.epa.gov · 2026).
Sort the enforcement table by "Settlement Date" or "Case Conclusion Date," descending. The top five rows are the supplier's last five resolved actions. For each row, the table shows case number, lead statute, case type (civil judicial, civil administrative, or criminal), penalty amount, and compliance requirements imposed.
Critical detail for vendor screening: ICIS also tracks federally reportable enforcement actions taken by state agencies under CWA-NPDES and Clean Air Act programs (echo.epa.gov · 2026). A Texas TCEQ consent order or a Louisiana LDEQ administrative penalty that meets the federal reporting threshold appears in the same list as federal EPA actions. Analysts do not need to run a separate state search for the majority of material state enforcement.
Step 4: Customize Columns (10 seconds)
ECHO's results pages include a "Customize Columns" feature that lets the user add or remove fields (echo.epa.gov · 2026). For a procurement workflow, the minimum useful column set is:
- Case Number
- Lead Statute
- Case Type (civil / criminal)
- Violation Types Alleged
- Federal Penalty Assessed
- State/Local Penalty Assessed
- Compliance Action Required
- Case Conclusion Date
This column set produces a one-line summary per case that a category manager can paste into a supplier risk memo without reformatting.
Step 5: Export to CSV (15 seconds)
The results grid exports directly to CSV. For heavier lifts — screening an entire category's worth of suppliers at once — ECHO publishes a downloadable ECHO Exporter file covering summary information for more than 1.5 million regulated facilities in a single ZIP (echo.epa.gov · 2026). A single enforcement case search can return up to 60,000 cases in one query, which is sufficient for almost any corporate-level sweep (echo.epa.gov · 2026).
For teams that need programmatic pulls, ECHO also exposes public web services for direct integration into vendor management platforms (echo.epa.gov · 2026). Procurement operations that refresh supplier risk scores nightly can hit the API instead of scripting against the CSV export.
Corporate-Level Screening
Facility-level search answers "is this plant a problem." Corporate-level search answers "is this parent company a serial offender." ECHO's Corporate Compliance Screener assesses compliance patterns at the parent-company level, not just individual facility level (echo.epa.gov · 2026). This matters when a supplier operates under multiple subsidiary names or has recently acquired facilities with pre-existing violation histories.
The Enforcement Case Search also accepts company name as a primary filter, returning every civil and criminal case tied to the entity across all its facilities (echo.epa.gov · 2026). Civil and cleanup enforcement case records in ICIS extend back to 1998 (EPA · 1998); criminal prosecution records are organized by U.S. government fiscal year, October through September (EPA · 1998).
Ongoing Monitoring
Point-in-time screening at onboarding is weaker than continuous monitoring. ECHO Notify sends alerts on specific facilities as new inspections, violations, or enforcement actions post (echo.epa.gov · 2026). A vendor manager can subscribe to the top 50 suppliers by spend and receive email notification when any of them record a new compliance event, which converts annual supplier reviews into real-time risk surveillance.
Known Limits
Two caveats the procurement team should document in any ECHO-based screening procedure.
First, ECHO reflects data as entered into ICIS and state systems. State-only enforcement actions that do not meet the federal reporting threshold will not appear, and state reporting timeliness varies by agency.
Second, ECHO is environmental only. For a broader corporate misconduct picture — Occupational Safety and Health Administration cases, labor violations, consumer protection actions, banking enforcement — analysts typically pair ECHO with Violation Tracker, a separate database produced by Good Jobs First's Corporate Research Project that covers 358,000 civil and criminal cases across more than 40 federal regulatory agencies since 2000, with total penalties exceeding $450 billion (ercweb.com · 2019).
For the narrow question — "what are this supplier's last five environmental violations" — ECHO answers it in under a minute, exports to CSV, and surfaces federal plus federally reportable state actions in the same view. That is the workflow.